Please note: Report is as per London release
so-adapters-so-etsi-sol003-adapter
Priority | Component name and version | CVE | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.3 | CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 SONATYPE-2021-4682 | 2.14.1 | This is indirect dependency coming from the o-parent. | |
| 1 | org.yaml : snakeyaml : 1.26 | CVE-2022-25857 CVE-2022-38749 CVE-2022-38751 CVE-2022-38752 CVE-2022-41854 CVE-2022-38750 | 1.33 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |
so-libs
Priority | Component name and version | CVE | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 SONATYPE-2021-4682 | 2.14.1 | This is indirect dependency coming from the o-parent. |
so
Priority | Component name and version | CVE | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.3 | CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 SONATYPE-2021-4682 | 2.14.1 | 7 7 7 7 | This is indirect dependency coming from the o-parent. |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.9.8 | CVE-2019-12086 CVE-2020-25649 CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 | 2.14.1 | 7 7 7 7 7 | Same as above |
| 1 | com.google.protobuf : protobuf-java : 3.10.0 | CVE-2022-3171 CVE-2022-3509 CVE-2021-22569 | 4.0.0-rc-2 | 7 7 5 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |
| 1 | com.h2database : h2 : 1.4.200 | CVE-2021-42392 CVE-2022-23221 SONATYPE-2021-1681 SONATYPE-2022-6243 SONATYPE-2018-0863 | 0.16.4 | 9 9 8 8 6 | We dont use this code in the production and is only built for testing code. |
| 1 | org.apache.tomcat : tomcat-catalina : 9.0.45 | CVE-2022-23181 CVE-2021-30640 | 9.0.37.1 | 7 6 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.json : json : 20140107 | SONATYPE-2022-3061 | 20220924 | 7 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.json : json : 20160212 | SONATYPE-2022-3061 | 20220924 | 7 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.springframework : spring-web : 5.2.14.RELEASE | CVE-2016-1000027 CVE-2021-22118 CVE-2021-22096 | 6.0.2 | 9 7 4 | The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
| 1 | org.springframework.data : spring-data-rest-hal-browser : 3.3.9.RELEASE | CVE-2021-23358 CVE-2021-23358 CVE-2018-14042 CVE-2019-11358 CVE-2019-8331 CVE-2020-11023 CVE-2020-26291 CVE-2021-3647 CVE-2022-1233 SONATYPE-2014-0026 SONATYPE-2020-0187 SONATYPE-2022-2019 CVE-2022-24723 SONATYPE-2016-0129 | 3.3.9.RELEASE | 7 7 6 6 6 6 6 6 6 6 6 6 5 5 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.springframework.security : spring-security-web : 5.4.6 | CVE-2022-22978 | 3.0.11-oss | 9 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 1 | org.yaml : snakeyaml : 1.26 | CVE-2022-25857 CVE-2022-38749 CVE-2022-38751 CVE-2022-38752 CVE-2022-41854 CVE-2022-38750 | 1.33 | 7 6 6 6 6 5 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
| 2 | org.glassfish.jersey.core : jersey-common : 2.22.1 | CVE-2021-28168 | 5 | Indirect dependency, | |
| 2 | org.glassfish.jersey.core : jersey-common : 2.30.1 | CVE-2021-28168 | 5 | Indirect dependency. | |
| 2 | org.springframework : spring-webmvc : 5.2.12.RELEASE | CVE-2021-22060 | 6.0.2 | 4 | This needs further analysis and We are facing resource issue at the moment, request a waiver. |
so-so-admin-cockpit
Priority | Component name and version | CVE | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 SONATYPE-2021-4682 | 2.14.1 | This is indirect dependency coming from the o-parent. The change would bring in a major testing to be performed across the projects and we have a resource crunch. |
so-so-etsi-nfvo
Priority | Component name and version | CVE | Recommended version | Threat level | Project’s assessment |
| 1 | com.fasterxml.jackson.core : jackson-databind : 2.11.1 | CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 SONATYPE-2021-4682 | 2.14.1 | This is indirect dependency coming from the o-parent. The change would bring in a major testing to be performed across the projects and we have a resource crunch. | |
| 1 | org.yaml : snakeyaml : 1.26 | CVE-2022-25857 CVE-2022-38749 CVE-2022-38751 CVE-2022-38752 CVE-2022-41854 CVE-2022-38750 | 1.33 | This needs further analysis and is being checked in detail. We have a resource crunch at the moment. |