View Source

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.

Note : the shaded lines in the table below are vulnerabilities inherited from the OpenDaylight Oxygen distribution, on which much of CCSDK is based. These vulnerabilities will be reported as CVEs to the OpenDaylight project so they can address them.

Repository	Group	Impact Analysis	Action
ccsdk/apps	ch.qos.logback	Need to upgrade version to 1.2.0	Plan to upgrade version to 1.2.0, where feasible
ccsdk/apps, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	ch.qos.logback	Need to upgrade version to 1.2.0	Plan to upgrade version to 1.2.0, where feasible
ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/parent	com.fasterxml.jackson.core	Fixed in version 2.8.6	Plan to upgrade to version >= 2.8.6
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/features	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/sli/northbound	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	com.fasterxml.jackson.core	No non-vulnerable version of Jackson exists	Need to rewrite code to avoid Jackson
ccsdk/parent	com.fasterxml.jackson.core	Fixed in version 2.8.8.1	Plan to upgrade to version >= 2.8.8.1
ccsdk/apps, ccsdk/distribution, ccsdk/sli/adaptors	com.fasterxml.jackson.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.fasterxml.jackson.dataformat	Need to upgrade to version 2.7.4 or higher	Plan to upgrade to version >= 2.7.8
ccsdk/distribution	com.fasterxml.jackson.dataformat	Need to upgrade to version 2.7.8 or higher	Plan to upgrade to version >= 2.7.8
ccsdk/distribution	com.flozano.sendgrid	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/sli/northbound	com.google.guava	Need to upgrade to version 23.6.1 or greater	Plan to upgrade to version 23.6.1 or higher
ccsdk/apps	com.google.guava	Need to upgrade to version 23.6.1 or greater	Plan to upgrade to version 23.6.1 or higher
ccsdk/distribution	com.google.guava	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.google.guava	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.h2database	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	com.h2database	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	com.h2database	No non-vulnerable version exists	Need to find replacement
ccsdk/apps	com.h2database	No non-vulnerable version exists	Need to find replacement
ccsdk/distribution	com.jcraft	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/sli/adaptors	com.sun.mail	Need to upgrade to version 1.5.3 or greater	Plan to upgrade to version >= 1.5.3
ccsdk/distribution	commons-beanutils	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-beanutils	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-codec	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/sli/plugins	commons-collections	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-collections	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	commons-fileupload	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution, ccsdk/sli/plugins	dom4j	Need to upgrade to version 2.1.1 or higher	Need to upgrade to version 2.1.1 or higher
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	io.netty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features	javax.mail	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	javax.mail	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/sli/adaptors	javax.mail	Inherited from OpenDaylight	Must be updated to 1.4.5 to be consistent with ODL
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	net.sf.ehcache	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.activemq	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.activemq	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.faces.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hadoop	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.hbase	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors	org.apahe.httpcomponents	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/plugins	org.apache.karaf.jaas	Need to upgrade to version 4.5.3 or higher	Plan to upgrade to version >= 4.5.3
ccsdk/apps, ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/core, ccsdk/sli/northbound, ccsdk/sli/pliugins	org.apache.karaf.jaas	Need to upgrade to version 4.3.6 or higher	Plan to upgrade to version >= 4.5.3
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.apache.karaf.webconsole	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.myfaces.core	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.servicemix.bundles	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.shiro	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.shiro	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.28 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.23 or later	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.28 or higher	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version > 8.5.16	Plan to upgrade version >= 8.5.32
ccsdk/apps	org.apache.tomcat.embed	Need to upgrade to version 8.5.32 or higher	Plan to upgrade version >= 8.5.32
ccsdk/distribution	org.apache.zookeeper	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.apache.zookeeper	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.bouncycastle	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.codehaus.jackson	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.codehaus.jackson	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.dom4j	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty.aggregate	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.eclipse.jetty.aggregate	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.hibernate	Need to upgrade to version 5.3.6.Final or later	Plan to upgrade to version >= 5.3.6.Final
ccsdk/distribution	org.infinispan	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.infinispan	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jboss.narayana.osgi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.jgroups	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.liquibase	False positive? CVE refers to jQuery, not liquibase.	Unknown - inadequate information in tool
ccsdk/apps	org.liquibase	False positive? CVE refers to bootstrap, not liquibase	Unknown - inadequate information in tool
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.tipi	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.ops4j.pax.web	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	org.postgresql	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/distribution, ccsdk/features, ccsdk/sli/adaptors, ccsdk/sli/plugins	org.springframework	Need to upgrade to version 4.3.17 or higher	Plan to upgrade to version >= 4.3.17
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/parent	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/distribution, ccsdk/features	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/distribution, ccsdk/features	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.18 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework	Need to upgrade to version 4.3.15 or higher	Plan to upgrade to version >= 4.3.18
ccsdk/apps	org.springframework.boot	Need to upgrade to version 1.5.10 or highrer	Plan to upgrade to version >= 1.5.10
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.10 or higher	Plan to upgrade version >= 1.3.12
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.11 or higher	Plan to upgrade version >= 1.3.12
ccsdk/apps	org.springframework.data	Need to upgrade to version 1.3.12 or higher	Plan to upgrade version >= 1.3.12
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	angular	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angularjs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-material	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-material	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-sanitize	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-sanitize	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-sanitize	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-sanitize	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	angular-sanitize	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	bl	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	deep-extend	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	handlebars	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/apps, ccsdk/distribution	jquery	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	jquery	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	jquery	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	jquery	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	jquery	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	lodash-amd	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	minimatch	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	qs	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	request	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	request	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	semver	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	shell-quote	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	tough-cookie	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight
ccsdk/distribution	tough-cookie	Inherited from OpenDaylight	Must be fixed in upstream OpenDaylight