Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.

...


GroupImpact AnalysisAction
clampcom.fasterxml.jackson.core the issue has been removed from the CLAMP core code. the remaining usage of "Jackson" is coming from SDC client library so we depend on SDC project to remove the final reference to "Jackson" library.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-236

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keySDC-2216

clampcom.fasterxml.jackson.core 

same as above.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-236

clampcom.fasterxml.jackson.core same as above.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-236

clampcom.fasterxml.jackson.core same as above.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-236

clampcom.fasterxml.jackson.datatypesame as above.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-236

clampangular

need to go to higher version of angular which requires a complete re-work of the CLAMP UI.


Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-223

clampangularneed to go to higher version of angular which requires a complete re-work of the CLAMP UI.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-223

clamporg.springframework.security
We need it to support the basic authentication case for CLAMP (to support deployment without AAF integration). Since in normal operation AAF will be used, this will not be an issue in normal use of CLAMP

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-282

clampangularneed to go to higher version of angular which requires a complete re-work of the CLAMP UI.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-223

clamplodashissue solved. "lodash" has been removed from GUI code as it is actually not used.

Jira Legacy
serverSystem Jira
columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-281

clampdom4jused by hibernate inside the springboot framework. Since we are not using xml the impact is limited. but we plan to go to a newer version of springboot(version 2.1.4)to solve the issue

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-338

clampcommons-codecunder investigation (just appeared on the report the april 13th 2019)

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-342

 clamp org.apache.tomcat.embed under investigation (just appeared on the report the april 13th 2019)only affect windows based platform. So not applicable in ONAP.

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-353

clamp  jquery jquery.min.js located at target/clamp.jar/META-INF/resources/designer/lib

 under investigation


Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyCLAMP-397
 

...