Dublin ExtAPI Security/Vulnerability Report

This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.



| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| externalapi/nbi | com.fasterxml.jackson.core | False positive. DefaultTyping is disabled; polymorphism with default typing or manual setting by property is not used in NBI. | N/A |
| externalapi/nbi | commons-beanutils | False positive. Beanutils is ONLY used for outgoing serialization, to filter JSON nodes when populating the HTTP response with JSON. Beanutils is not used on input data or exposed as-is to external clients. | N/A. Note: 1.9.3 is the latest release but still does not fix the listed vulnerability. We tried to use some other frameworks, but only beanutils has some key features we cannot miss to filter JSON response data. Avoiding commons-beanutils means an important rewrite of the code. |
| externalapi/nbi | commons-codec | False positive. Used by the sdc-tosca parser. NBI uses the sdc-tosca parser without any input parameters provided through the NBI API. | |