This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| sdnc/apps, sdnc/oam | ch.qos.logback | Most likely false positive, since this vulnerability only applies to remote socket connections, which do not apply (since we do not log to remote server). However, should be addressed anyway. | Tracked in issue SDNC-596 - Getting issue details... STATUS |
| sdnc/oam | com.fasterxml | Should be upgraded to jackson-databind version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/oam | com.fasterxml | Should be upgraded to jackson-databind version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | Fixed in version 2.8.6 | Tracked in issue SDNC-597 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | There is no non-vulnerable version, but there is a documented workaround. | Tracked in issue SDNC-599 - Getting issue details... STATUS |
| sdnc/northbound | com.fasterxml.jackson.core | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/oam | com.fasterxml.jackson.core | There is no non-vulnerable version, but there is a documented workaround. | Tracked in issue SDNC-599 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.core | There is no non-vulnerable version, but there is a documented workaround. | Tracked in issue SDNC-599 - Getting issue details... STATUS |
| sdnc/apps | com.fasterxml.jackson.datatype | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/northbound | com.fasterxml.jackson.datatype | Fixed in version 2.9.8 | Tracked in issue SDNC-598 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | com.google.guava | Fixed in version 23.6.1 | Tracked in issue SDNC-600 - Getting issue details... STATUS |
| sdnc/oam | dom4j | Fixed in version 2.1.1 | Tracked in issue SDNC-651 - Getting issue details... STATUS |
| sdnc/oam | javax.servlet | Fixed in version 1.2.3 | Tracked in issue SDNC-651 - Getting issue details... STATUS |
| sdnc/northbound | javax.mail | Fixed in version 1.5.3 | Tracked in issue SDNC-604 - Getting issue details... STATUS |
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/northbound, sdnc/oam | org.apache.karaf.jaas | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/northbound, sdnn/oam | org.apache.karaf.shell | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/northbound, sdnn/oam | org.apache.karaf.shell | Inherited from OpenDaylight Fluorine release | Must be fixed in upstream OpenDaylight |
| sdnc/oam | org.apache.logging.log4j | Fixed in version 2.8.2 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.apache.tomcat.embed | Upgrade to version 8.5.32 | Tracked in issue SDNC-610 - Getting issue details... STATUS |
| sdnc/oam | org.codehaus.jackson | There is no non-vulnerable version, but there is a documented workaround. | Tracked in issue SDNC-599 - Getting issue details... STATUS |
| sdnc/oam | org.hibernate | Upgrade to version 5.3.6.Final or above | Tracked in issue SDNC-611 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.15.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.15.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.15.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.20.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/apps, sdnc/northbound | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework | Fixed in version 4.3.20.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework | Fixed in version 4.3.18.RELEASE | Tracked in issue SDNC-601 - Getting issue details... STATUS |
| sdnc/oam | org.springframework.data | Fixed in version 1.13.11 | Tracked in issue SDNC-612 - Getting issue details... STATUS |
| sdnc/oam | org.springframework.data | Fixed in version 1.13.12 | Tracked in issue SDNC-612 - Getting issue details... STATUS |
| sdnc/oam | org.springframework.data | Fixed in version 1.13.10 | Tracked in issue SDNC-612 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in version 4.0.0 and above | Tracked in issue SDNC-613 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in version 3.4.0 and above | Tracked in issue SDNC-613 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in version 3.4.0 and above | Tracked in issue SDNC-613 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in version 4.1.2 and above | Tracked in issue SDNC-613 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | org.webjars | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | bootstrap | Fixed in version 4.1.2 | Tracked in issue SDNC-605 - Getting issue details... STATUS |
| sdnc/oam | bootstrap | Fixed in version 4.1.2 | Tracked in issue SDNC-605 - Getting issue details... STATUS |
| sdnc/oam | bootstrap | Fixed in version 4.1.2 | Tracked in issue SDNC-605 - Getting issue details... STATUS |
| sdnc/oam | bootstrap | Fixed in version 4.1.2 | Tracked in issue SDNC-605 - Getting issue details... STATUS |
| sdnc/oam | bootstrap-table | Needs further research - problem description is poor, as usual with these (says to upgrade to version that does not have vulnerability without stating what version that might be) | Tracked in issue SDNC-605 - Getting issue details... STATUS |
| sdnc/apps | handlebars | Workaround is to ensure "handlebars" (double braces - e.g {{ hello there }}) are inside single quotes (e.g. '{{hello there}}') | Tracked in issue SDNC-602 - Getting issue details... STATUS |
| sdnc/oam | jquery | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | jquery | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | jquery | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/oam | jquery | Fixed in jQuery version 3.0.0 | Tracked in issue SDNC-608 - Getting issue details... STATUS |
| sdnc/apps | uikit | Appears to have been fixed in 2016, but unclear what version. This is a recurrent theme in SONATYPE vulnerabilities - the problem description generally says "upgrade to a version that does not have this vulnerability" without specifying that version - only a link to the change in GitHub, which does not tell you what version it applies to. | Tracked in issue SDNC-603 - Getting issue details... STATUS |