Casablanca CLI Security/Vulnerability Report
- Amy Zwarico
This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project.
Repository | Group | Impact Analysis | Action |
|---|---|---|---|
cli | org.apache.httpcomponents | False Positive ONAP CLI does not allow to access to this libarary, where user can send URL request for malfunction. CVE-2015-5262 does not affect the CLI, it does not expose the HTTPS endpoint. so there is no impact on the ONAP CLI. | Not applicable |
cli | com.fasterxml.jackson.core | False Positive ONAP CLI does not allow to access to this libarary, where user can malfunction. so there is no impact on the ONAP CLI. | Not applicable |
cli | commons-codec | False Positive Its not direct dependency and is caused via 3rd party lib dependency. And it does not harm anyway to CLI. | Not applicable |
cli | jline | False Positive ONAP CLI does not allow to access to this libarary, where user can malfunction. so there is no impact on the ONAP CLI. | Not applicable |