chore(findings): aiml/r/rstudio
Summary
aiml/r/rstudio has 54 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-41902 | Twistlock CVE | Critical | tensorflow-2.10.0 |
CVE-2022-41900 | Twistlock CVE | Critical | tensorflow-2.10.0 |
CVE-2022-41911 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41910 | Twistlock CVE | Critical | tensorflow-2.10.0 |
CVE-2022-41909 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41908 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41907 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41901 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41899 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41898 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41897 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41896 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41895 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41893 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41891 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41890 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41889 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41888 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41887 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41886 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41884 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41883 | Twistlock CVE | High | tensorflow-2.10.0 |
CVE-2022-41880 | Twistlock CVE | Critical | tensorflow-2.10.0 |
CVE-2022-41894 | Twistlock CVE | High | tensorflow-2.10.0 |
GHSA-xf83-q765-xm6m | Twistlock CVE | Low | tensorflow-2.10.0 |
GHSA-cqvq-fvhr-v6hc | Twistlock CVE | Low | tensorflow-2.10.0 |
GHSA-66vq-54fq-6jvv | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-g9fm-r5mm-rf9f | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-gq2j-cr96-gvqx | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-8fvv-46hw-vpg3 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-jq6x-99hj-q636 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-6x99-gv2v-q76v | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-cqvq-fvhr-v6hc | Anchore CVE | Low | tensorflow-2.10.0 |
GHSA-368v-7v32-52fx | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-f2w8-jw48-fr7j | Anchore CVE | Medium | tensorflow-2.10.0 |
CVE-2022-45061 | Anchore CVE | High | python-3.8.15 |
GHSA-rjx6-v474-2ch9 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-xvwp-h6jv-7472 | Anchore CVE | High | tensorflow-2.10.0 |
GHSA-xf83-q765-xm6m | Anchore CVE | Low | tensorflow-2.10.0 |
GHSA-8w5g-3wcv-9g2j | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-w58w-79xv-6vcj | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-frqp-wp83-qggv | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-67pf-62xr-q35m | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-xxcj-rhqg-m46g | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-54pp-c6pp-7fpx | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-cg88-rpvp-cjv5 | Anchore CVE | High | tensorflow-2.10.0 |
GHSA-h246-cgh4-7475 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-hq7g-wwwp-q46h | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-27rc-728f-x5w2 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-mv77-9g28-cwg3 | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-pf36-r9c6-h97j | Anchore CVE | Medium | tensorflow-2.10.0 |
GHSA-rmg2-f698-wq35 | Anchore CVE | Medium | tensorflow-2.10.0 |
CVE-2022-37454 | Anchore CVE | Critical | python-3.8.15 |
GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2022.9.24 |
VAT: https://vat.dso.mil/vat/image?imageName=aiml/r/rstudio&tag=2022.07.2-576&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/aiml/rstudio/rstudio/-/jobs/16070711
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.