UNCLASSIFIED - NO CUI

chore(findings): aiml/jupyter/jlab-nlp

Summary

aiml/jupyter/jlab-nlp has 56 new findings discovered during continuous monitoring.

| id | source | severity | package |
| --- | --- | --- | --- |
| CVE-2022-35256 | Anchore CVE | Medium | nodejs-full-i18n-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| CVE-2022-35256 | Anchore CVE | Medium | nodejs-docs-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| GHSA-368v-7v32-52fx | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-mv77-9g28-cwg3 | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-3352 | Anchore CVE | Low | vim-enhanced-2:8.0.1763-19.el8_6.4 |
| CVE-2022-41858 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3566 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| GHSA-frqp-wp83-qggv | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-3352 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
| GHSA-gq2j-cr96-gvqx | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-66vq-54fq-6jvv | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-43945 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| GHSA-rjx6-v474-2ch9 | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-35255 | Anchore CVE | High | nodejs-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| GHSA-xvwp-h6jv-7472 | Anchore CVE | High | tensorflow-2.10.0 |
| CVE-2022-3625 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-42895 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| GHSA-hq7g-wwwp-q46h | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-xxcj-rhqg-m46g | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-3352 | Anchore CVE | Low | vim-filesystem-2:8.0.1763-19.el8_6.4 |
| GHSA-w58w-79xv-6vcj | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-f2w8-jw48-fr7j | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-35256 | Anchore CVE | Medium | nodejs-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| GHSA-8fvv-46hw-vpg3 | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-4129 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-23824 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| GHSA-pf36-r9c6-h97j | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-45061 | Anchore CVE | High | python-3.8.13 |
| CVE-2022-3352 | Anchore CVE | Low | vim-common-2:8.0.1763-19.el8_6.4 |
| GHSA-jq6x-99hj-q636 | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-67pf-62xr-q35m | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-xf83-q765-xm6m | Anchore CVE | Low | tensorflow-2.10.0 |
| GHSA-54pp-c6pp-7fpx | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-cqvq-fvhr-v6hc | Anchore CVE | Low | tensorflow-2.10.0 |
| CVE-2022-3567 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-35255 | Anchore CVE | High | nodejs-docs-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| CVE-2022-41222 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-3903 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-35255 | Anchore CVE | High | npm-1:8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
| GHSA-27rc-728f-x5w2 | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-g9fm-r5mm-rf9f | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-42896 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
| CVE-2022-35255 | Anchore CVE | High | nodejs-full-i18n-1:16.17.1-1.module+el8.6.0+16848+a483195a |
| GHSA-8w5g-3wcv-9g2j | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-cg88-rpvp-cjv5 | Anchore CVE | High | tensorflow-2.10.0 |
| CVE-2022-35256 | Anchore CVE | Medium | npm-1:8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
| GHSA-h246-cgh4-7475 | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-6x99-gv2v-q76v | Anchore CVE | Medium | tensorflow-2.10.0 |
| GHSA-rmg2-f698-wq35 | Anchore CVE | Medium | tensorflow-2.10.0 |
| CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8 |
| CVE-2022-4141 | Twistlock CVE | Low | vim-common-8.0.1763-19.el8_6.4 |
| CVE-2022-4141 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
| CVE-2022-4141 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
| CVE-2022-4141 | Twistlock CVE | Low | vim-enhanced-8.0.1763-19.el8_6.4 |
| CVE-2022-45939 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8 |
| CVE-2022-4139 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |

VAT: https://vat.dso.mil/vat/image?imageName=aiml/jupyter/jlab-nlp&tag=3.4.4&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/aiml/jupyter/jlab-nlp/-/jobs/16294129

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User