This table lists the known exploitable and non-exploitable vulnerabilities reported in third-party packages used by the project, with the impact analysis and the agreed action for each.


Repository: vnfsdk/functest
Group: com.fasterxml.jackson.core
Impact Analysis: False positive. We do not use default typing in vnfsdk/functest. We are currently looking into replacing Jackson with Gson.
Action: No Action (tracked in VNFSDK-368)

Repository: vnfsdk/functest
Group: com.github.roskart.dropwizard-jaxws
Impact Analysis: False positive. The code comes in through a third-party dependency but is not used in VNFSDK.
Action: No Action (tracked in VNFSDK-368)

Repository: vnfsdk/functest
Group: com.h2database
Impact Analysis: False positive. Only used in unit testing; there is no way for it to be used during deployment.
Action: No Action (tracked in VNFSDK-368)

Repository: vnfsdk/validation
Group: com.fasterxml.jackson.core
Impact Analysis: False positive. We do not use default typing in vnfsdk/validation.
Action: No Action (tracked in VNFSDK-370)

Repository: vnfsdk/refrepo
Group: com.fasterxml.jackson.core
Impact Analysis: False positive. Jackson can be an issue if default typing is left enabled.
  •  In vnfsdk we do not use default typing. We use strict parsing and validation of deserialized data.
  •  There is no data from an unknown source from which the marketplace reads application data (xml/json).
Action: No Action (tracked in VNFSDK-369)

Repository: vnfsdk/refrepo
Group: bootstrap
Impact Analysis: 2019/4/17: Bootstrap published the latest non-vulnerable version 4.3.1 two months ago; we will try to investigate this in the El Alto release. There is no non-vulnerable version of the bootstrap package.
Action: Request Exception (tracked in VNFSDK-369)

Repository: vnfsdk/functest
Group: postgresql
Impact Analysis: The related CVE is marked as disputed. The package is commonly used and no newer version is available, so we would like to request an exception for it.
Action: Request Exception (tracked in VNFSDK-368)

Repository: vnfsdk/validation
Group: jline
Impact Analysis: False positive. jline is used during the mvn test phase and is not used while the vnfsdk service is running, so it falls into the false positive category.
Action: No Action (tracked in VNFSDK-370)

Repository: vnfsdk/refrepo, vnfsdk/functest
Group: jetty-http, jetty-server, jetty-util
Impact Analysis: WIP
Action: Tracked in VNFSDK-369

Repository: vnfsdk/refrepo
Group: commons-codec
Impact Analysis: Request Exception. This dependency is used by the httpclient package org.apache.httpcomponents. HttpClient is heavily used in open source and currently we cannot find an alternative for it.
Action: Request Exception (tracked in VNFSDK-369)

Repository: vnfsdk/validation
Group: commons-codec
Impact Analysis: Request Exception. This dependency is used by the httpclient package org.apache.httpcomponents. HttpClient is heavily used in open source and currently we cannot find an alternative for it.
Action: Request Exception (tracked in VNFSDK-370)

Repository: vnfsdk/refrepo
Group: postgresql
Impact Analysis: The related CVE is marked as disputed. The package is commonly used and no newer version is available, so we would like to request an exception for it.
Action: Request Exception (tracked in VNFSDK-369)
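The Jackson rows above rest on two conditions: default typing is never enabled, and input is parsed strictly into known classes and validated. The following added example (not VNFSDK code; the PackageInfo class, its field patterns and the sample JSON are invented for illustration) shows what that configuration looks like and how an unexpected type-hint key is rejected as an unknown property.

```java
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException;

public final class SafeJsonParsing {

    // Hypothetical closed-world model: the only type Jackson may instantiate here.
    public static final class PackageInfo {
        public String name;
        public String version;
    }

    // Hardened mapper: default typing is never activated, so a "@class"/"@type"
    // key in the input carries no meaning; unknown properties are rejected outright.
    static ObjectMapper hardenedMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES);
        return mapper;
    }

    // Parse into the declared class only, then validate each field explicitly
    // (patterns are assumptions for the example, not VNFSDK rules).
    static PackageInfo parse(ObjectMapper mapper, String json) throws Exception {
        PackageInfo info = mapper.readValue(json, PackageInfo.class);
        if (info.name == null || !info.name.matches("[A-Za-z0-9._-]{1,64}")) {
            throw new IllegalArgumentException("invalid package name");
        }
        if (info.version == null || !info.version.matches("[0-9]+(\\.[0-9]+)*")) {
            throw new IllegalArgumentException("invalid version");
        }
        return info;
    }

    public static void main(String[] args) throws Exception {
        ObjectMapper mapper = hardenedMapper();

        // Constructed sample input with the expected shape: accepted.
        PackageInfo ok = parse(mapper, "{\"name\":\"example-pkg\",\"version\":\"1.2.0\"}");
        System.out.println("accepted: " + ok.name + " " + ok.version);

        // Constructed sample input carrying a type-hint key: rejected as unknown property.
        try {
            parse(mapper, "{\"@class\":\"some.Type\",\"name\":\"x\",\"version\":\"1\"}");
        } catch (UnrecognizedPropertyException e) {
            System.out.println("rejected unknown property: " + e.getPropertyName());
        }
    }
}
```

A unit test that builds the project's ObjectMapper and asserts these two behaviours is a cheap way to keep the "no default typing" claim true as the code base changes.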