chore(findings): appgate/sdp-headless-driver

Summary

appgate/sdp-headless-driver has 58 new findings discovered during continuous monitoring.

Layer: opensource/debian/debian:12.7 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=appgate/sdp-headless-driver&tag=6.3&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2007-4559	Anchore CVE	Medium	python-3.11.2	0.90664	false
CVE-2023-45288	Anchore CVE	High	stdlib-go1.21.5	0.67599	false
CVE-2024-28085	Anchore CVE	Low	util-linux-2.38.1	0.10284	false
CVE-2024-24787	Anchore CVE	Medium	stdlib-go1.21.5	0.01583	false
CVE-2024-6232	Anchore CVE	High	python-3.11.2	0.01519	false
CVE-2024-24784	Anchore CVE	High	stdlib-go1.21.5	0.01498	false
CVE-2023-24329	Anchore CVE	High	python-3.11.2	0.01309	false
CVE-2024-4032	Anchore CVE	High	python-3.11.2	0.00735	false
CVE-2025-0938	Anchore CVE	Medium	python-3.11.2	0.00715	false
CVE-2024-9143	Anchore CVE	Medium	openssl-3.0.15	0.00652	false
CVE-2024-24791	Anchore CVE	High	stdlib-go1.21.5	0.00618	false
CVE-2024-7592	Anchore CVE	High	python-3.11.2	0.00468	false
CVE-2023-45289	Anchore CVE	Medium	stdlib-go1.21.5	0.00409	false
CVE-2024-24783	Anchore CVE	Medium	stdlib-go1.21.5	0.00401	false
CVE-2023-45290	Anchore CVE	Medium	stdlib-go1.21.5	0.00362	false
CVE-2024-11168	Anchore CVE	Medium	python-3.11.2	0.00278	false
CVE-2023-40217	Anchore CVE	Medium	python-3.11.2	0.00266	false
CVE-2024-24785	Anchore CVE	Medium	stdlib-go1.21.5	0.00246	false
CVE-2024-0397	Anchore CVE	High	python-3.11.2	0.00226	false
CVE-2025-1795	Anchore CVE	Low	python-3.11.2	0.00184	false
CVE-2024-34156	Anchore CVE	High	stdlib-go1.21.5	0.00178	false
CVE-2024-0450	Anchore CVE	Medium	python-3.11.2	0.00173	false
CVE-2023-41105	Anchore CVE	High	python-3.11.2	0.00152	false
CVE-2025-4517	Anchore CVE	Critical	python-3.11.2	0.00146	false
CVE-2023-31437	Anchore CVE	Low	systemd-252.31-1~deb12u1	0.00128	false
CVE-2025-4330	Anchore CVE	High	python-3.11.2	0.00120	false
CVE-2023-27043	Anchore CVE	Medium	python-3.11.2	0.00117	false
CVE-2024-34155	Anchore CVE	Medium	stdlib-go1.21.5	0.00115	false
CVE-2025-4138	Anchore CVE	High	python-3.11.2	0.00100	false
CVE-2023-31438	Anchore CVE	Low	systemd-252.31-1~deb12u1	0.00100	false
CVE-2024-12718	Anchore CVE	Medium	python-3.11.2	0.00097	false
CVE-2025-8194	Anchore CVE	High	python-3.11.2	0.00096	false
CVE-2023-31439	Anchore CVE	Low	systemd-252.31-1~deb12u1	0.00094	false
CVE-2024-8088	Anchore CVE	High	python-3.11.2	0.00091	false
CVE-2025-6069	Anchore CVE	Medium	python-3.11.2	0.00090	false
CVE-2024-24790	Anchore CVE	Critical	stdlib-go1.21.5	0.00090	false
CVE-2024-24790	Twistlock CVE	Critical	net/netip-1.21.5	0.00090	false
CVE-2024-6923	Anchore CVE	Medium	python-3.11.2	0.00089	false
CVE-2024-34158	Anchore CVE	High	stdlib-go1.21.5	0.00082	false
CVE-2024-13176	Anchore CVE	Medium	openssl-3.0.15	0.00080	false
CVE-2023-6597	Anchore CVE	High	python-3.11.2	0.00079	false
CVE-2024-50602	Anchore CVE	Medium	python-3.11.2	0.00068	false
CVE-2025-4435	Anchore CVE	High	python-3.11.2	0.00067	false
CVE-2013-4392	Anchore CVE	Low	systemd-252.31-1~deb12u1	0.00067	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.5	0.00054	false
CVE-2024-48924	Twistlock CVE	Medium	messagepack-2.5.108	0.00049	false
CVE-2024-9287	Anchore CVE	High	python-3.11.2	0.00048	false
CVE-2024-45336	Anchore CVE	Medium	stdlib-go1.21.5	0.00041	false
CVE-2025-4598	Anchore CVE	Medium	systemd-252.31-1~deb12u1	0.00037	false
CVE-2024-45341	Anchore CVE	Medium	stdlib-go1.21.5	0.00032	false
CVE-2025-4516	Anchore CVE	Medium	python-3.11.2	0.00021	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.5	0.00019	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.5	0.00013	false
CVE-2025-22866	Anchore CVE	Medium	stdlib-go1.21.5	0.00012	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.5	0.00006	false
CVE-2024-24789	Anchore CVE	Medium	stdlib-go1.21.5	0.00006	false
b1ef7d65d0170c3b0311b319febeabf4	Anchore Compliance	Critical		N/A	N/A
GHSA-4qm4-8hg2-g2xm	Anchore CVE	Medium	MessagePack-2.5.108	N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=appgate/sdp-headless-driver&tag=6.3&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 05, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): appgate/sdp-headless-driver

Summary

Tasks

Questions?