This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.


| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| vid | angular | It might be a hard upgrade. VID uses AngularJS, but also has it as an ONAP SDK dependency. | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | Its source is in ONAP Portal SDK 2.4.0 | VID-471 |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular | | |
| vid | angular-sanitize | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-sanitize | | |
| vid | angular-ui-grid | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | angular-ui-grid | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | angular-ui-grid | | |
| vid | org.owasp.antisamy | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.owasp.antisamy | | |
| vid | org.bouncycastle | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.bouncycastle | | |
| vid | org.webjars | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.webjars | | |
| vid | org.webjars | | |
| vid | org.webjars | | |
| vid | com.mchange | | VID-461 |
| vid | commons-beanutils | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | commons-codec | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | commons-fileupload | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | dom4j | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.elasticsearch | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.elasticsearch | | |
| vid | org.owasp.esapi | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.owasp.esapi | | |
| vid | org.hibernate | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | com.fasterxml.jackson.core | False positive. VID doesn't use the createBeanDeserializer() function in the BeanDeserializerFactory class. | |
| vid | org.eclipse.jetty | False positive. This only impacts users using Eclipse Jetty on Windows. | |
| vid | org.eclipse.jetty | False positive. VID is using only org.eclipse.jetty.util.security.Password, no HTTP servers. Anyhow: VID-472 | |
| vid | org.webjars | No use of the parseHTML function; no use of AJAX calls in jQuery (such calls are made only with Angular). | |
| vid | jQuery | | |
| vid | jQuery | | |
| vid | jquery | | |
| vid | jquery | | |
| vid | moment | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | moment | | |
| vid | moment | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | moment | | |
| vid | org.seleniumhq.selenium | False positive; used only for tests | |
| vid | org.apache.wicket | Its source is in ONAP Portal SDK 2.4.0 | |
| vid | org.exist-db.thirdparty.xerces | Its source is in ONAP Portal SDK 2.4.0 | |