Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.



The following table is addressing 2 different scenarios:

  • Confirmation of a vulnerability including an action
  • False Positive

The information related to Repository, Group, Artifact, Version and Problem Code are extracted from the CLM report (see the below screenshot)

RepositoryGroupImpact AnalysisAction
aaf-authz

AAF has no vulnerable third party packages in the AAF tool repo.


aaf-cadicommons.beanutils

False Positive - this jar is used by Shiro, not by CADI code, and is thus a problem with Shiro, not AAF or CADI


None - Shiro needs to fix
aaf-cadiorg.apache.shiro

False Positive - this jar is used by Shiro, not by CADI code, and is thus a problem with Shiro, not AAF or CADI



There is a new Jar available, 1.4.0, which appears promising. However, checked with clients which use OpenDaylight. They cannot use 1.4.0 at this time. (4/2/2019)


  • No labels