Uploaded image for project: 'Service Design and Creation'
  1. Service Design and Creation
  2. SDC-1724

fix security vilation CVE-2018-8039

XMLWordPrintable

      LF CLM report identified a vulnerability in the flowing dependency:

      group: org.apache.cxf

      Artifact: cxf-rt-transports-http

      this dependency was identified in:

       

      **Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:action-library-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:onboarding-be:war:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:validation-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-license-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vendor-software-products-rest-types:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc.onboarding:vnf-repository-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:application-config-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:conflict-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:healthcheck-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:item-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:notifications-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:3.1.8 located at Module org.openecomp.sdc:togglz-rest-services:jar:1.3.0-SNAPSHOT

      Dependency org.apache.cxf:cxf-rt-transports-http:jar:2.2.2 located at Module org.openecomp.sdc.onboarding:notifications-fe:war:1.3.0-SNAPSHOT

       

       

      the closest version with a fix is 3.1.16

       

       

       

       

       

            vempo vempo
            ml636r ml636r
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: