-
Bug
-
Resolution: Done
-
Medium
-
Istanbul Release
-
None
so
Status | Priority | Component name and version | CVE | Threat level | Recommended version | Project’s assessment |
Log4j : log4j : 1.2.17 | CVE-2019-17571 SONATYPE-2010-0053 |
9 7 |
org.apache.logging.log4j : log4j-core 2.14.1 | Its transitive dependency of org.onap.aaf.authz:aaf-misc-env:jar:2.1.21:runtime | ||
OPEN | 1 | org.apache.tomcat : tomcat-catalina : 9.0.30 | CVE-2020-9484 CVE-2021-24122 |
7 5 |
10.0.5 | Build failed after upgrade to 10.0.5 |
OPEN | 2 | org.exist-db.thirdparty.xerces : xercesImpl : 2.12.0 | SONATYPE-2017-0348 | 5 | 2.12.1 | citrus-core:jar:2.8.0 Internal dependency |
OPEN | 2 | org.glassfish.jersey.core : jersey-common : 2.22.1 | CVE-2021-28168 | 5 | 3.0.2 | Internal dependency from jersey-client:jar:2.26 |
OPEN | 2 | org.glassfish.jersey.core : jersey-common : 2.30.1 | CVE-2021-28168 | 5 | 3.0.2 | Internal dependency from jersey-client:jar:2.26 |