...
In the case where you have nested third party components (a third party component embedding another third party component) and there is NO CVE number for the upstream third party component (meaning the third party component you are embedding), it is recommended to open a vulnerability issue on the upstream third party component.
| Tip | ||
|---|---|---|
| ||
Please make a Copy of this template into your project wiki space. Be sure to make a Copy (not a Move) by using the ... on the top right corner of this page Within the M4 checklist create a link toward your copy of this template Once this template has been copied into your project wiki space, you can delete this "Tip" section |
The following table is addressing 2 different scenarios:
...
| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| aaf-authz-docker | com.thoughtworks.xstream | Q-How does this vulnerability impact your project | JIRA Link In the JIRA ticket, you will explain findings and action plan Add the Label "Security" |
False Positive Add the explanation why you believe it is a false positive | Not applicable|||
| clamp | com.fasterxml.jackson.core | False positive | N/A |
| clamp | angular | Jira: | |
| clamp | angular | Jira: | |
| clamp | org.apache.tomcat.embed | Jira: | |
| clamp | org.apache.tomcat.embed | ||
| clamp | jquery | ||
| clamp | org.glassfish.grizzly :grizzly-http | ||
| clamp | org.webjars.npm bootstrap | ||
| clamp | com.sun.faces : jsf-impl | ||
| clamp | jquery | ||
| clamp | angular | ||
| clamp | com.sun.faces : jsf-impl | ||
| clamp | org.jboss.resteasy : resteasy-jaxrs |