Casablanca VID Security/Vulnerability Report
This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.
Repository | Group | Impact Analysis | Action |
---|---|---|---|
vid | angular.min.js angular.js | Its source is in ONAP Portal SDK | Request exception |
vid | bouncycastle | Its source is in ONAP Portal SDK | Request exception |
vid | com.fasterxml.jackson.core | False positive: VID doesn't use the createBeanDeserializer() function in the BeanDeserializerFactory class | False positive |
vid | commons-beanutils | No fix is available for this vulnerability; its source is in ONAP Portal SDK | Request exception |
vid | moment | No fix is available for this vulnerability; its source is in ONAP Portal SDK | Request exception |
vid | org.apache.httpcomponents | Its source is in ONAP Portal SDK | Request exception |
vid | org.codehaus.jackson | False positive: VID doesn't use the problematic function createBeanDeserializer in the BeanDeserializerFactory class. No fix is available for this vulnerability | False positive |
vid | xerces | Its source is in ONAP Portal SDK | Request exception |
vid | org.hibernate | Its source is in ONAP Portal SDK | Request exception |
vid | org.eclipse.jetty | False positive: VID doesn't use the check function in the Password.java file | False positive |
vid | com.google.guava | Its source is in ONAP Portal SDK | Request exception |
vid | commons-codec | Its source is in ONAP Portal SDK | Request exception |
vid | dom4j | Its source is in ONAP Portal SDK | Request exception |
vid | jquery | No use of the parseHTML function; no use of AJAX calls in jQuery (such calls are only made with Angular) | False positive |
vid | org.apache.wicket | Its source is in ONAP Portal SDK | Request exception |
vid | org.springframework | Its source is in ONAP Portal SDK | Request exception |
vid | org.springframework | Its source is in ONAP Portal SDK | Request exception |
vid | org.springframework | Its source is in ONAP Portal SDK | Request exception |
vid | org.springframework | Its source is in ONAP Portal SDK | Request exception |
vid | org.owasp.esapi | Its source is in ONAP Portal SDK | Request exception |
vid | org.owasp.antisamy | Its source is in ONAP Portal SDK | Request exception |
vid | org.eclipse.jetty | VID has a dependency for HTTP requests, jersey-jetty-connector, which uses the jetty-http dependency. These vulnerabilities relate to running a Jetty server, but jetty-http doesn't create one. | False positive |