This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
Group | Impact Analysis | Action | |
---|---|---|---|
clamp | com.fasterxml.jackson.core | the issue has been removed from the CLAMP core code. the remaining usage of "Jackson" is coming from SDC client library so we depend on SDC project to remove the final reference to "Jackson" library. | |
clamp | com.fasterxml.jackson.core | same as above. | |
clamp | com.fasterxml.jackson.core | same as above. | |
clamp | com.fasterxml.jackson.core | same as above. | |
clamp | com.fasterxml.jackson.datatype | same as above. | |
clamp | angular | need to go to higher version of angular which requires a complete re-work of the CLAMP UI. | |
clamp | angular | need to go to higher version of angular which requires a complete re-work of the CLAMP UI. | |
clamp | org.springframework.security | We need it to support the basic authentication case for CLAMP (to support deployment without AAF integration). Since in normal operation AAF will be used, this will not be an issue in normal use of CLAMP | |
clamp | angular | need to go to higher version of angular which requires a complete re-work of the CLAMP UI. | |
clamp | lodash | issue solved. "lodash" has been removed from GUI code as it is actually not used. | |
clamp | dom4j | used by hibernate inside the springboot framework. Since we are not using xml the impact is limited. but we plan to go to a newer version of springboot(version 2.1.4)to solve the issue | |
clamp | commons-codec | under investigation (just appeared on the report the april 13th 2019) | |
clamp | org.apache.tomcat.embed | under investigation (just appeared on the report the april 13th 2019) | |
clamp | jquery.min.js | under investigation |