Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

This table represents the known exploitable and non-exploitable vulnerabilities in third party packages used in the project


RepositoryGroupImpact AnalysisAction
clampcom.fasterxml.jackson.core

From NexusIQ:

"jackson-databind is vulnerable to Remote Code Execution (RCE). The createBeanDeserializer() function in the BeanDeserializerFactory class allows untrusted Java objects to be deserialized. A remote attacker can exploit this by uploading a malicious serialized object that will result in RCE if the application attempts to deserialize it."


CLAMP-236 - Getting issue details... STATUS

clampangular

It impacts our UI as angular is the skeleton technology used in the code.

Anyway we have mitigated the issue by setting the angular version to 1.3.2 with the least amount of security issue reported by Nexus IQ (for Release 1.XX)

Analyze how to migrate the UI to a recent angular version (> 4.X)

CLAMP-223 - Getting issue details... STATUS

clamp bootstrap

It impacts our UI as bootstrap (one of the latest version, 4.1.1) is used in clamp code.

We could be impacted by the possible Cross-Site Scripting (XSS) reported by Nexus IQ

Wait until Bootstrap library is fixed or investigate how to delete/replace it

CLAMP-237 - Getting issue details... STATUS



  • No labels