This table lists the known exploitable and non-exploitable vulnerabilities in third-party packages used in the project.
Repository | Group | Impact Analysis | Action |
---|---|---|---|
cli [Level: 7 Security] | org.apache.httpcomponents | False positive. ONAP CLI does not give users access to this library in a way that would let them send a URL request to cause a malfunction. CVE-2015-5262 does not affect the CLI, as it does not expose the HTTPS endpoint, so there is no impact on the ONAP CLI. | Not applicable |
cli [Level: 9 Security] | com.fasterxml.jackson.core | False positive. ONAP CLI does not give users access to this library in a way that would let them cause a malfunction, so there is no impact on the ONAP CLI. | Not applicable |
cli [License] | com.github.dreamhead | False positive. It is MIT licensed. | Not applicable |
cli [Level: 5 Security] | commons-codec | False positive. It is not a direct dependency; it is pulled in through a third-party library dependency, and it does not harm the CLI in any way. | Not applicable |
cli [Level: 4 Security] | jline | False positive. ONAP CLI does not give users access to this library in a way that would let them cause a malfunction, so there is no impact on the ONAP CLI. | Not applicable |
The discussion on the ONAP mailing list can be found here.