This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.
Repository | Group | Impact Analysis | Action
---|---|---|---
logging-analytics, pomba-aai-context-builder, pomba-context-aggregator, pomba-network-discovery-context-builder, pomba-sdc-context-builder | com.fasterxml.jackson.core | false positive - we don't use this part of the library | will fix in Dublin - as no version of Jackson is safe
logging-analytics | com.fasterxml.jackson.core | false positive - we don't use this part of the library | will fix in Dublin - as no version of Jackson is safe. Also, the implementing library is a non-deployed demo library - with no use in any deployed Docker image right now
pomba-audit-common | com.fasterxml.jackson.core | false positive - we don't use this part of the library; will fix in Dublin - as no version of Jackson is safe |
logging-analytics | org.glassfish.hk2.external | false positive - we don't use this part of the library; will fix in Dublin. Also, the implementing library is a non-deployed demo library - with no use in any deployed Docker image right now |
handlebars | Need to upgrade to 4.0.0 or above. For SDNC-CB this is pushed to Dublin | | |
stipsan/uikit (swagger) | No versions are good - need a replacement for this swagger component. For SDNC-CB this is pushed to Dublin | | |
pomba-sdnc-context-builder | logback-classic | DMaaP usage related. Note: SDNC-ContextBuilder is not deployed as part of Casablanca - OOM has not branched as of 20181128 - so there is no pod for SDNC-CB - it will appear in the Dublin branch via master. The SV reports can therefore be ignored for now, as they are in Dublin scope (there is an issue where CLM jobs are run against master instead of branches) |
pomba-sdnc-context-builder | struts-core | DMaaP usage related |
pomba-sdnc-context-builder | struts-taglib | DMaaP usage related |
pomba-sdnc-context-builder | org.codehaus.plexus | DMaaP usage related. Dependency org.codehaus.plexus:plexus-utils:jar:3.0.22 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT |
pomba-sdnc-context-builder | dom4j | DMaaP usage related. Dependency dom4j:dom4j:jar:1.6.1 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT |
pomba-sdnc-context-builder | commons-beanutils | DMaaP usage related. Dependency commons-beanutils:commons-beanutils:jar:1.9.3 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT |
pomba-sdnc-context-builder | org.apache.ant | DMaaP usage related. Dependency org.apache.ant:ant:jar:1.8.4 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT |
pomba-sdnc-context-builder | org.jsoup | DMaaP usage related. Dependency org.jsoup:jsoup:jar:1.7.2 located at Module org.onap.logging-analytics.pomba:pomba-sdnc-context-builder:jar:1.4.0-SNAPSHOT |