...
| Repository | Group | Impact Analysis | Action | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| vid | angular.min.js angular.js | False Positive VID UI templates are static, and not user-generated in any way. Its source is in ONAP Portal SDK | False positiveRequest exception | |||||||||||||
| vid | bouncycastle No fix is available for this vulnerability; | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | com.fasterxml.jackson.core | False positive VID doesn't use createBeanDeserializer() function in the BeanDeserializerFactory class | False positive | |||||||||||||
| vidcom.thoughtworks.xstream | commons-beanutils | No fix is available for this vulnerability; Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | commons-beanutilsmoment | No fix is available for this vulnerability; Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vidcommons-fileupload | org.apache.httpcomponents | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vidcommons-httpclient | org.codehaus.jackson | False positive VID doesn't use the problematic line: readRawLine of HttpParser function createBeanDeserializer in the BeanDeserializerFactory class No fix is available for this vulnerability | False positive | |||||||||||||
| vid | javax.servlet | No fix is available for this vulnerability (since 1.2);xerces | Its source is in ONAP Portal SDK | Request exception | ||||||||||||
| vid | moment | No fix is available for this vulnerability;org.hibernate | Its source is in ONAP Portal SDK | Request exception | ||||||||||||
| vid | org.apacheeclipse.httpcomponentsjetty | False positive VID uses this library just for selenium tests automation, meaning no production code affected.doesn't use the check function in Password.java file | False positive | |||||||||||||
| vid | com.google.guava | Its source also is in ONAP Portal SDK | False positiveRequest exception | |||||||||||||
| vid | org.apache.lucene | No fix is available for this vulnerability;commons-codec | Its source is in ONAP Portal SDK | Request exception | ||||||||||||
| vid | org.bouncycastle | No fix is available for this vulnerability;dom4j | Its source is in ONAP Portal SDK | Request exception | ||||||||||||
| vid | org.codehaus.jackson | False positive VID doesn't use the problematic function createBeanDeserializer in the BeanDeserializerFactory class No fix is available for this vulnerability | False positive | vid | xalan | jquery | Under investigation
| |||||||||
| vid | org.apache.wicket | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vidxerces | org.springframework | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | org.hibernatespringframework | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | org.beanshellspringframework | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vidcommons-collections | org.springframework | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | org org.apacheowasp.poiesapi | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| vid | org.apacheowasp.poiantisamy | Its source is in ONAP Portal SDK | Request exception | |||||||||||||
| ???vid | org.eclipse.jetty | False positive VID doesn't use the check function in Password.java file | False positive Under investigation
|