Casablanca Maintenance CLI Security/Vulnerability Report
- Amy Zwarico
Repository | Group | Impact Analysis | Action |
|---|---|---|---|
cli | org.apache.httpcomponents | False Positive ONAP CLI does not allow to access to this libarary, where user can send URL request for malfunction. The CVE does not affect the CLI, it does not expose the HTTPS endpoint. so there is no impact on the ONAP CLI. | Not applicable |
cli | com.fasterxml.jackson.core | False Positive ONAP CLI does not allow to access to this libarary, where user can malfunction. so there is no impact on the ONAP CLI. | Not applicable |
cli | commons-codec | False Positive Its not direct dependency and is caused via 3rd party lib dependency. And it does not harm anyway to CLI. | Not applicable |
cli | jline | False Positive ONAP CLI does not allow to access to this libarary, where user can malfunction. so there is no impact on the ONAP CLI. | Not applicable |
Discussion over ONAP mailing list, pls find here.