This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project. 


RepositoryGroupImpact AnalysisAction

cli

org.apache.httpcomponents

False Positive

ONAP CLI does not allow to access to this libarary, where user can send URL request for malfunction.

CVE-2015-5262 does not affect the CLI, it does not expose the HTTPS endpoint.

so there is no impact on the ONAP CLI.

Not applicable

cli

com.fasterxml.jackson.core

False Positive

ONAP CLI does not allow to access to this libarary, where user can malfunction.

so there is no impact on the ONAP CLI.

Not applicable

cli

commons-codec

False Positive

Its not direct dependency and is caused via 3rd party lib dependency. And it does not harm anyway to CLI.

Not applicable

cli

jline

False Positive

ONAP CLI does not allow to access to this libarary, where user can malfunction.

so there is no impact on the ONAP CLI.

Not applicable