Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.



GroupImpact AnalysisAction
clampcom.fasterxml.jackson.core the issue has been removed from the CLAMP core code. the remaining usage of "Jackson" is coming from SDC client library so we depend on SDC project to remove the final reference to "Jackson" library.

CLAMP-236 - Getting issue details... STATUS

SDC-2216 - Getting issue details... STATUS

clampcom.fasterxml.jackson.core 

same as above.

CLAMP-236 - Getting issue details... STATUS

clampcom.fasterxml.jackson.core same as above.

CLAMP-236 - Getting issue details... STATUS

clampcom.fasterxml.jackson.core same as above.

CLAMP-236 - Getting issue details... STATUS

clampcom.fasterxml.jackson.datatypesame as above.

CLAMP-236 - Getting issue details... STATUS

clampangular

need to go to higher version of angular which requires a complete re-work of the CLAMP UI.


CLAMP-223 - Getting issue details... STATUS

clampangularneed to go to higher version of angular which requires a complete re-work of the CLAMP UI.

CLAMP-223 - Getting issue details... STATUS

clamporg.springframework.security
We need it to support the basic authentication case for CLAMP (to support deployment without AAF integration). Since in normal operation AAF will be used, this will not be an issue in normal use of CLAMP

CLAMP-282 - Getting issue details... STATUS

clampangularneed to go to higher version of angular which requires a complete re-work of the CLAMP UI.

CLAMP-223 - Getting issue details... STATUS

clamplodashissue solved. "lodash" has been removed from GUI code as it is actually not used.

CLAMP-281 - Getting issue details... STATUS

clampdom4jused by hibernate inside the springboot framework. Since we are not using xml the impact is limited. but we plan to go to a newer version of springboot(version 2.1.4)to solve the issue

CLAMP-338 - Getting issue details... STATUS

clampcommons-codecunder investigation (just appeared on the report the april 13th 2019)

CLAMP-342 - Getting issue details... STATUS

 clamp org.apache.tomcat.embed under investigation (just appeared on the report the april 13th 2019)

CLAMP-353 - Getting issue details... STATUS

clamp  jquery.min.js located at target/clamp.jar/META-INF/resources/designer/lib  under investigation

CLAMP-397 - Getting issue details... STATUS  



  • No labels