chore(findings): atlassian/jira-data-center/jira-node
Summary
atlassian/jira-data-center/jira-node has 555 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-64xx-cq4q-mf44 | Anchore CVE | High | xstream-1.4.17 |
GHSA-w9p3-5cr8-m3jj | Anchore CVE | High | log4j-1.2.17-atlassian-3 |
GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.7 |
GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.5 |
GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.5 |
GHSA-xw4p-crpj-vjx2 | Anchore CVE | High | xstream-1.4.17 |
GHSA-p8pq-r894-fm8f | Anchore CVE | High | xstream-1.4.17 |
GHSA-64xx-cq4q-mf44 | Anchore CVE | High | xstream-1.4.17 |
GHSA-rmr5-cpv2-vgjf | Anchore CVE | High | xstream-1.4.17 |
GHSA-h7v4-7xg3-hxcc | Anchore CVE | High | xstream-1.4.17 |
GHSA-64xx-cq4q-mf44 | Anchore CVE | High | xstream-1.4.17 |
GHSA-6wf9-jmg9-vxcc | Anchore CVE | Medium | xstream-1.4.17 |
GHSA-h7v4-7xg3-hxcc | Anchore CVE | High | xstream-1.4.17 |
GHSA-hph2-m3g5-xxv4 | Anchore CVE | High | xstream-1.4.17 |
GHSA-hph2-m3g5-xxv4 | Anchore CVE | High | xstream-1.4.17 |
GHSA-6w62-hx7r-mw68 | Anchore CVE | High | xstream-1.4.17 |
GHSA-3ccq-5vw3-2p6x | Anchore CVE | High | xstream-1.4.17 |
GHSA-rpr3-cw39-3pxh | Anchore CVE | High | jackson-databind-2.3.3 |
GHSA-6w62-hx7r-mw68 | Anchore CVE | High | xstream-1.4.17 |
GHSA-65fg-84f6-3jq3 | Anchore CVE | Critical | log4j-1.2.17-atlassian-3 |
CVE-2022-2048 | Anchore CVE | High | jetty-http-8.1.15.v20140411 |
GHSA-j9h8-phrw-h4fh | Anchore CVE | High | xstream-1.4.17 |
GHSA-6w62-hx7r-mw68 | Anchore CVE | High | xstream-1.4.17 |
GHSA-rpr3-cw39-3pxh | Anchore CVE | High | jackson-databind-2.9.9 |
GHSA-g5w6-mrj7-75h2 | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-33879 | Anchore CVE | Low | tika-core-1.23 |
CVE-2022-2047 | Anchore CVE | Low | jetty-server-8.1.15.v20140411 |
CVE-2022-2047 | Anchore CVE | Low | jetty-io-8.1.15.v20140411 |
GHSA-cxfm-5m4g-x7xp | Anchore CVE | High | xstream-1.4.17 |
GHSA-qrx8-8545-4wg2 | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-2048 | Anchore CVE | High | jetty-io-8.1.15.v20140411 |
GHSA-6wf9-jmg9-vxcc | Anchore CVE | Medium | xstream-1.4.17 |
GHSA-xw4p-crpj-vjx2 | Anchore CVE | High | xstream-1.4.17 |
CVE-2020-9493 | Anchore CVE | Critical | log4j-1.2.17-atlassian-3 |
GHSA-cvvx-r33m-v7pq | Anchore CVE | High | struts-core-1.3.8 |
GHSA-8jrj-525p-826v | Anchore CVE | High | xstream-1.4.17 |
GHSA-j9h8-phrw-h4fh | Anchore CVE | High | xstream-1.4.17 |
GHSA-8jrj-525p-826v | Anchore CVE | High | xstream-1.4.17 |
GHSA-2q8x-2p7f-574v | Anchore CVE | High | xstream-1.4.17 |
GHSA-2q8x-2p7f-574v | Anchore CVE | High | xstream-1.4.17 |
GHSA-xw4p-crpj-vjx2 | Anchore CVE | High | xstream-1.4.17 |
GHSA-cxfm-5m4g-x7xp | Anchore CVE | High | xstream-1.4.17 |
GHSA-5ggr-mpgw-3mgx | Anchore CVE | High | struts-core-1.3.8 |
GHSA-cxfm-5m4g-x7xp | Anchore CVE | High | xstream-1.4.17 |
GHSA-6wf9-jmg9-vxcc | Anchore CVE | Medium | xstream-1.4.17 |
GHSA-h7v4-7xg3-hxcc | Anchore CVE | High | xstream-1.4.17 |
GHSA-c28r-hw5m-5gv3 | Anchore CVE | High | aws-java-sdk-s3-1.11.310 |
GHSA-pjch-4g28-fxx7 | Anchore CVE | Critical | imageio-metadata-3.4.1 |
GHSA-3ccq-5vw3-2p6x | Anchore CVE | High | xstream-1.4.17 |
GHSA-qrx8-8545-4wg2 | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-2048 | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
GHSA-7jw3-5q4w-89qg | Anchore CVE | High | struts-core-1.3.8 |
GHSA-cj7v-27pg-wf7q | Anchore CVE | Low | jetty-http-8.1.15.v20140411 |
GHSA-3ccq-5vw3-2p6x | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-2048 | Anchore CVE | High | jetty-servlet-8.1.15.v20140411 |
GHSA-g5w6-mrj7-75h2 | Anchore CVE | High | xstream-1.4.17 |
GHSA-p8pq-r894-fm8f | Anchore CVE | High | xstream-1.4.17 |
GHSA-qrx8-8545-4wg2 | Anchore CVE | High | xstream-1.4.17 |
GHSA-fp5r-v3w9-4333 | Anchore CVE | High | log4j-1.2.17-atlassian-3 |
GHSA-g5w6-mrj7-75h2 | Anchore CVE | High | xstream-1.4.17 |
GHSA-j9h8-phrw-h4fh | Anchore CVE | High | xstream-1.4.17 |
GHSA-8jrj-525p-826v | Anchore CVE | High | xstream-1.4.17 |
GHSA-2q8x-2p7f-574v | Anchore CVE | High | xstream-1.4.17 |
GHSA-hph2-m3g5-xxv4 | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-2047 | Anchore CVE | Low | jetty-servlet-8.1.15.v20140411 |
CVE-2022-33879 | Anchore CVE | Low | tika-core-1.22 |
GHSA-p8pq-r894-fm8f | Anchore CVE | High | xstream-1.4.17 |
CVE-2022-22970 | Anchore CVE | Medium | spring-core-5.3.19 |
CVE-2022-22971 | Anchore CVE | Medium | spring-core-5.3.19 |
CVE-2022-26136 | Anchore CVE | Critical | crowd-api-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-query-language-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-integration-client-rest-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-core-tiny-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-integration-api-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-query-language-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-rest-application-management-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-core-tiny-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-server-common-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-integration-client-rest-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-rest-application-management-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-server-common-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-server-api-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-remote-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-server-api-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-remote-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-password-encoders-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-events-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-core-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-azure-ad-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-synchronisation-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-core-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-persistence-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-synchronisation-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-ldap-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-azure-ad-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-integration-seraph-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-ldap-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-integration-seraph-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-api-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-events-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-integration-client-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-password-encoders-4.3.6-df99201870d |
CVE-2022-26136 | Anchore CVE | Critical | crowd-persistence-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-integration-client-common-4.3.6-df99201870d |
CVE-2022-26137 | Anchore CVE | High | crowd-integration-api-4.3.6-df99201870d |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.14.2 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.10.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.10.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.10.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.13.1 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-gp7f-rwcx-9369 | Anchore CVE | Medium | jsoup-1.8.3 |
GHSA-56h3-78gp-v83r | Anchore CVE | Medium | jettison-1.1 |
GHSA-56h3-78gp-v83r | Anchore CVE | Medium | jettison-1.1 |
GHSA-56h3-78gp-v83r | Anchore CVE | Medium | jettison-1.1 |
GHSA-x27m-9w8j-5vcw | Anchore CVE | High | jettison-1.1 |
GHSA-x27m-9w8j-5vcw | Anchore CVE | High | jettison-1.1 |
GHSA-x27m-9w8j-5vcw | Anchore CVE | High | jettison-1.1 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.1 |
GHSA-h4h5-3hr4-j3g2 | Anchore CVE | Medium | protobuf-java-3.14.0 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.1 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.12.1 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.10.2 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.11.0 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.12.1 |
GHSA-h4h5-3hr4-j3g2 | Anchore CVE | Medium | protobuf-java-3.4.0 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.3.3 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.9.9 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.5 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.7 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.5 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.6 |
GHSA-3f7h-mf4q-vrm4 | Anchore CVE | Medium | woodstox-core-5.2.1 |
CVE-2015-20107 | Twistlock CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2017-7658 | Twistlock CVE | Critical | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2017-7657 | Twistlock CVE | Critical | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.6 |
CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.7 |
CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.5 |
CVE-2021-23792 | Twistlock CVE | Critical | com.twelvemonkeys.imageio_imageio-metadata-3.4.1 |
CVE-2020-10683 | Twistlock CVE | Critical | dom4j_dom4j-1.4.1 |
CVE-2019-13990 | Twistlock CVE | Critical | org.quartz-scheduler_quartz-1.7.3 |
CVE-2017-7657 | Twistlock CVE | Critical | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2022-43782 | Anchore CVE | Critical | crowd-ldap-4.3.6-df99201870d |
GHSA-f7vh-qwp3-x37m | Anchore CVE | Critical | log4j-1.2.17-atlassian-16 |
CVE-2022-43782 | Anchore CVE | Critical | crowd-integration-client-common-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-core-tiny-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-synchronisation-4.3.6-df99201870d |
GHSA-f7vh-qwp3-x37m | Anchore CVE | Critical | log4j-1.2.17-atlassian-3 |
CVE-2022-43782 | Anchore CVE | Critical | crowd-core-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-server-common-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-api-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-query-language-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-password-encoders-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-integration-api-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
GHSA-f7vh-qwp3-x37m | Anchore CVE | Critical | log4j-1.2.17 |
CVE-2022-43782 | Anchore CVE | Critical | crowd-integration-seraph-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-server-api-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-integration-client-rest-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-rest-application-management-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-persistence-4.3.6-df99201870d |
GHSA-f7vh-qwp3-x37m | Anchore CVE | Critical | log4j-1.2.17-atlassian-3 |
CVE-2022-43782 | Anchore CVE | Critical | crowd-events-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-remote-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-common-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-rest-common-4.3.6-df99201870d |
CVE-2022-43782 | Anchore CVE | Critical | crowd-azure-ad-4.3.6-df99201870d |
GHSA-cgp8-4m63-fhh5 | Anchore CVE | Medium | commons-net-3.8.0 |
CVE-2022-45868 | Anchore CVE | High | h2-1.4.200 |
GHSA-g5ww-5jh7-63cx | Anchore CVE | High | protobuf-java-3.14.0 |
GHSA-g5ww-5jh7-63cx | Anchore CVE | High | protobuf-java-3.4.0 |
CVE-2022-45061 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3737 | Anchore CVE | Low | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-0391 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2007-4559 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3733 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2015-20107 | Anchore CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
GHSA-4gg5-vx3j-xwc7 | Anchore CVE | High | protobuf-java-3.4.0 |
GHSA-4gg5-vx3j-xwc7 | Anchore CVE | High | protobuf-java-3.14.0 |
GHSA-j563-grx4-pjpv | Anchore CVE | High | xstream-1.4.16 |
GHSA-j563-grx4-pjpv | Anchore CVE | High | xstream-1.4.17 |
GHSA-j563-grx4-pjpv | Anchore CVE | High | xstream-1.4.17 |
GHSA-j563-grx4-pjpv | Anchore CVE | High | xstream-1.4.17 |
GHSA-f8cc-g7j8-xxpm | Anchore CVE | High | xstream-1.4.17 |
GHSA-f8cc-g7j8-xxpm | Anchore CVE | High | xstream-1.4.17 |
GHSA-f8cc-g7j8-xxpm | Anchore CVE | High | xstream-1.4.16 |
GHSA-f8cc-g7j8-xxpm | Anchore CVE | High | xstream-1.4.17 |
GHSA-grr4-wv38-f68w | Anchore CVE | High | jettison-1.1 |
GHSA-grr4-wv38-f68w | Anchore CVE | High | jettison-1.1 |
GHSA-grr4-wv38-f68w | Anchore CVE | High | jettison-1.1 |
GHSA-7rf3-mqpx-h7xg | Anchore CVE | High | jettison-1.1 |
GHSA-7rf3-mqpx-h7xg | Anchore CVE | High | jettison-1.1 |
GHSA-7rf3-mqpx-h7xg | Anchore CVE | High | jettison-1.1 |
GHSA-2pj2-gchf-wmw7 | Anchore CVE | Medium | zip4j-1.3.3 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.3.3 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.3.3 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.3.3 |
GHSA-6x9x-8qw9-9pp6 | Anchore CVE | Critical | jetty-server-8.1.15.v20140411 |
CVE-2023-26464 | Anchore CVE | High | log4j-1.2.17-atlassian-16 |
CVE-2023-26464 | Anchore CVE | High | log4j-1.2.17-atlassian-3 |
CVE-2023-26464 | Anchore CVE | High | log4j-1.2.17 |
CVE-2023-26464 | Anchore CVE | High | log4j-1.2.17-atlassian-3 |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.11.0 |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.12.1 |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.10.2 |
GHSA-q6g2-g7f3-rr83 | Anchore CVE | High | jettison-1.1 |
GHSA-q6g2-g7f3-rr83 | Anchore CVE | High | jettison-1.1 |
GHSA-q6g2-g7f3-rr83 | Anchore CVE | High | jettison-1.1 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.3 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.2 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.7 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.7 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.1 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.3 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.3 |
CVE-2023-20861 | Anchore CVE | Medium | spring-core-5.3.19 |
CVE-2022-42003 | Anchore CVE | High | jackson-databind-2.3.3 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.11.0 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.9.9 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.10.2 |
CVE-2023-28867 | Anchore CVE | High | graphql-java-13.0 |
CVE-2023-20860 | Anchore CVE | High | spring-core-5.3.19 |
GHSA-3vqj-43w4-2q58 | Anchore CVE | High | json-20070829 |
GHSA-p26g-97m4-6q7c | Anchore CVE | Low | jetty-server-8.1.15.v20140411 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.9.9 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.1 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.1 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.10.2 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.0 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.1 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.0 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.1 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.10.2 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.9.9 |
CVE-2022-40152 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.16 |
CVE-2022-40152 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.17 |
CVE-2022-40151 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.16 |
CVE-2022-40151 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.17 |
CVE-2022-2048 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2017-9735 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2017-7656 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2022-31159 | Twistlock CVE | High | com.amazonaws_aws-java-sdk-s3-1.11.310 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.6 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.7 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.5 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.7 |
CVE-2021-40690 | Twistlock CVE | High | org.apache.santuario_xmlsec-2.2.0 |
CVE-2021-40690 | Twistlock CVE | High | org.apache.santuario_xmlsec-1.5.6 |
CVE-2021-31684 | Twistlock CVE | High | net.minidev_json-smart-1.3.1 |
CVE-2021-31684 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 |
CVE-2021-22569 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.14.0 |
CVE-2021-22569 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.4.0 |
CVE-2020-13936 | Twistlock CVE | High | org.apache.velocity_velocity-1.6.4 |
CVE-2020-10650 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.9.9 |
CVE-2020-10650 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2018-1000632 | Twistlock CVE | High | dom4j_dom4j-1.4.1 |
CVE-2017-7656 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2015-2080 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2022-36033 | Twistlock CVE | Medium | org.jsoup_jsoup-1.8.3 |
CVE-2022-36033 | Twistlock CVE | Medium | org.jsoup_jsoup-1.14.2 |
CVE-2022-36033 | Twistlock CVE | Medium | org.jsoup_jsoup-1.13.1 |
CVE-2022-36033 | Twistlock CVE | Medium | org.jsoup_jsoup-1.10.3 |
PRISMA-2021-0182 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-servlet-8.1.15 |
PRISMA-2021-0182 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2021-28169 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2022-40149 | Twistlock CVE | Medium | org.codehaus.jettison_jettison-1.1 |
CVE-2022-3171 | Twistlock CVE | Medium | com.google.protobuf_protobuf-java-3.14.0 |
CVE-2022-3171 | Twistlock CVE | Medium | com.google.protobuf_protobuf-java-3.4.0 |
CVE-2022-29577 | Twistlock CVE | Medium | org.owasp.antisamy_antisamy-1.5.8 |
CVE-2022-28367 | Twistlock CVE | Medium | org.owasp.antisamy_antisamy-1.5.8 |
CVE-2022-24615 | Twistlock CVE | Medium | net.lingala.zip4j_zip4j-1.3.3 |
CVE-2022-23437 | Twistlock CVE | Medium | xerces_xercesImpl-2.12.1 |
CVE-2021-35043 | Twistlock CVE | Medium | org.owasp.antisamy_antisamy-1.5.8 |
CVE-2020-15250 | Twistlock CVE | Medium | junit_junit-4.12 |
CVE-2019-10247 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2019-10241 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2021-34428 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2022-33879 | Twistlock CVE | Low | org.apache.tika_tika-core-1.23 |
CVE-2022-33879 | Twistlock CVE | Low | org.apache.tika_tika-core-1.22 |
CVE-2022-2047 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2022-40152 | Twistlock CVE | Medium | com.fasterxml.woodstox_woodstox-core-5.2.1 |
CVE-2022-40150 | Twistlock CVE | High | org.codehaus.jettison_jettison-1.1 |
CVE-2022-2047 | Twistlock CVE | Low | org.eclipse.jetty_jetty-http-8.1.15 |
CVE-2021-34428 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2022-45061 | Twistlock CVE | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-37533 | Twistlock CVE | Medium | commons-net_commons-net-3.8.0 |
CVE-2022-3509 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.14.0 |
CVE-2022-3509 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.4.0 |
CVE-2022-3510 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.14.0 |
CVE-2022-3510 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.4.0 |
CVE-2022-41966 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.16 |
CVE-2022-41966 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.17 |
CVE-2022-45693 | Twistlock CVE | High | org.codehaus.jettison_jettison-1.1 |
CVE-2022-45685 | Twistlock CVE | High | org.codehaus.jettison_jettison-1.1 |
CVE-2023-22899 | Twistlock CVE | Medium | net.lingala.zip4j_zip4j-1.3.3 |
CVE-2017-7658 | Twistlock CVE | Critical | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2023-26464 | Twistlock CVE | High | log4j_log4j-1.2.17 |
CVE-2021-46877 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.0 |
CVE-2021-46877 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.12.1 |
CVE-2021-46877 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.10.2 |
CVE-2023-1436 | Twistlock CVE | High | org.codehaus.jettison_jettison-1.1 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-1.3.1 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-1.3.3 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-2.3 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 |
CVE-2022-22978 | Twistlock CVE | Critical | spring-security-core-5.4.5 |
CVE-2020-1938 | Twistlock CVE | Critical | tomcat-util-8.5 |
CVE-2018-8014 | Twistlock CVE | Critical | tomcat-util-8.5 |
CVE-2016-8735 | Twistlock CVE | Critical | tomcat-util-8.5 |
CVE-2016-1000027 | Twistlock CVE | Critical | spring-web-5.3.19 |
CVE-2017-5648 | Twistlock CVE | Critical | tomcat-util-8.5 |
CVE-2016-5018 | Twistlock CVE | Critical | tomcat-util-8.5 |
CVE-2022-23221 | Twistlock CVE | Critical | h2-1.4.200 |
CVE-2021-42392 | Twistlock CVE | Critical | h2-1.4.200 |
CVE-2022-25762 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2017-12617 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-5388 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2023-20860 | Twistlock CVE | High | spring-web-5.3.19 |
CVE-2023-20860 | Twistlock CVE | High | spring-core-5.3.19 |
CVE-2022-42252 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2021-41079 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2021-25122 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2021-22119 | Twistlock CVE | High | spring-security-core-5.4.5 |
CVE-2020-13935 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2020-11996 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2019-17563 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2019-10072 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2019-0199 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2018-8034 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2018-1336 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2017-5664 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2017-5647 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-8745 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-6817 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-6797 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-6796 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-3092 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2016-1000343 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000342 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000338 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000352 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000344 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-6816 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2023-28867 | Twistlock CVE | High | graphql-java-13.0 |
CVE-2022-37734 | Twistlock CVE | High | graphql-java-13.0 |
CVE-2022-31197 | Twistlock CVE | High | org.postgresql_postgresql-42.2.23 |
CVE-2022-21724 | Twistlock CVE | High | org.postgresql_postgresql-42.2.23 |
CVE-2021-25329 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2021-23463 | Twistlock CVE | High | h2-1.4.200 |
CVE-2020-9484 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2019-12418 | Twistlock CVE | High | tomcat-util-8.5 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-core-5.3.19 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-web-5.3.19 |
CVE-2022-22971 | Twistlock CVE | Medium | spring-core-5.3.19 |
CVE-2022-22971 | Twistlock CVE | Medium | spring-web-5.3.19 |
CVE-2021-30640 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2018-1305 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2019-0221 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2021-24122 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2019-2684 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2018-1304 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2017-13098 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000345 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-1000341 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2016-0762 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2022-22976 | Twistlock CVE | Medium | spring-security-core-5.4.5 |
CVE-2022-22970 | Twistlock CVE | Medium | spring-core-5.3.19 |
CVE-2022-22970 | Twistlock CVE | Medium | spring-web-5.3.19 |
CVE-2021-33037 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2016-6794 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2016-1000339 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2020-1935 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2023-28708 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2020-13943 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2018-11784 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2017-7674 | Twistlock CVE | Medium | tomcat-util-8.5 |
GHSA-673j-qm5f-xpv8 | Twistlock CVE | Medium | org.postgresql_postgresql-42.2.23 |
CVE-2022-41946 | Twistlock CVE | Medium | org.postgresql_postgresql-42.2.23 |
CVE-2022-24329 | Twistlock CVE | Medium | kotlin-stdlib-1.4.10 |
CVE-2020-29582 | Twistlock CVE | Medium | kotlin-stdlib-1.4.10 |
CVE-2020-15522 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2021-43980 | Twistlock CVE | Low | tomcat-util-8.5 |
CVE-2016-1000346 | Twistlock CVE | Low | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2023-20863 | Twistlock CVE | Medium | spring-core-5.3.19 |
CVE-2023-26049 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-8.1.15 |
GHSA-qw69-rqj8-6qw8 | Anchore CVE | Medium | jetty-server-8.1.15.v20140411 |
CVE-2023-20863 | Anchore CVE | Medium | spring-core-5.3.19 |
CVE-2022-45064 | Anchore CVE | Critical | org.apache.sling.commons.osgi-2.0.4-incubator |
CVE-2022-45064 | Anchore CVE | Critical | org.apache.sling.commons.osgi-2.0.4-incubator |
CVE-2023-26049 | Anchore CVE | Medium | jetty-io-8.1.15.v20140411 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-servlet-8.1.15.v20140411 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-security-8.1.15.v20140411 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-http-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-servlet-8.1.15.v20140411 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-continuation-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-security-8.1.15.v20140411 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-continuation-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-io-8.1.15.v20140411 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-http-8.1.15.v20140411 |
GHSA-6phf-6h5g-97j2 | Anchore CVE | High | sqlite-jdbc-3.34.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-26.0-jre |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-18.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-18.0 |
CVE-2023-34396 | Anchore CVE | High | struts-tiles-1.3.8 |
CVE-2023-34396 | Anchore CVE | High | struts-taglib-1.3.8 |
CVE-2023-34149 | Anchore CVE | Medium | struts-core-1.3.8 |
CVE-2023-34396 | Anchore CVE | High | struts-core-1.3.8 |
CVE-2023-34149 | Anchore CVE | Medium | struts-tiles-1.3.8 |
CVE-2023-34149 | Anchore CVE | Medium | struts-taglib-1.3.8 |
CVE-2023-34454 | Anchore CVE | High | snappy-java-1.1.7.1 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.3.3 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.1 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.9.9 |
CVE-2023-34454 | Anchore CVE | High | snappy-java-1.1.7.3 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.11.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.12.1 |
CVE-2023-34453 | Anchore CVE | High | snappy-java-1.1.7.3 |
CVE-2023-34455 | Anchore CVE | High | snappy-java-1.1.7.1 |
CVE-2023-34455 | Anchore CVE | High | snappy-java-1.1.7.3 |
CVE-2023-34453 | Anchore CVE | High | snappy-java-1.1.7.1 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.10.2 |
CVE-2023-2976 | Anchore CVE | High | guava-rate-limiter-15.0-atlassian-1 |
CVE-2020-23064 | Anchore CVE | Medium | jquery-2.2.4.10 |
CVE-2020-23064 | Anchore CVE | Medium | jquery-2.2.4.7 |
CVE-2020-23064 | Anchore CVE | Medium | jquery-2.2.4 |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.14.0 |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.4.0 |
GHSA-wfcc-pff6-rgc5 | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
CVE-2021-22119 | Anchore CVE | High | spring-security-core-5.4.5 |
CVE-2022-22976 | Anchore CVE | Medium | spring-security-core-5.4.5 |
CVE-2022-22978 | Anchore CVE | Critical | spring-security-core-5.4.5 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-bridge-1.14 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-transcoder-1.14 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-transcoder-1.14 |
GHSA-qw3f-w4pf-jh5f | Anchore CVE | Medium | tika-core-1.22 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-bridge-1.14 |
GHSA-qw3f-w4pf-jh5f | Anchore CVE | Medium | tika-core-1.23 |
GHSA-2474-2566-3qxp | Anchore CVE | Medium | batik-script-1.14 |
GHSA-2474-2566-3qxp | Anchore CVE | Medium | batik-script-1.14 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-jdbc-8.5.78 |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.3.3 |
CVE-2023-43642 | Anchore CVE | High | snappy-java-1.1.7.1 |
GHSA-26vr-8j45-3r4w | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
CVE-2021-28165 | Anchore CVE | High | jetty-io-8.1.15.v20140411 |
CVE-2023-43642 | Anchore CVE | High | snappy-java-1.1.7.3 |
GHSA-rhrv-645h-fjfh | Anchore CVE | High | avro-1.7.7 |
GHSA-pcf2-gh6g-h5r2 | Anchore CVE | Medium | antisamy-1.5.8 |
CVE-2023-43804 | Anchore CVE | Medium | platform-python-pip-9.0.3-22.el8 |
CVE-2023-43804 | Anchore CVE | Medium | python3-pip-9.0.3-22.el8 |
GHSA-pcf2-gh6g-h5r2 | Anchore CVE | Medium | antisamy-1.5.8 |
GHSA-rm7j-f5g5-27vv | Anchore CVE | High | json-20070829 |
CVE-2022-33068 | Anchore CVE | Medium | java-11-openjdk-headless-1:11.0.21.0.9-2.el8 |
CVE-2023-2004 | Anchore CVE | Low | java-11-openjdk-headless-1:11.0.21.0.9-2.el8 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2023-20863 | Twistlock CVE | Medium | spring-web-5.3.19 |
CVE-2022-34169 | Twistlock CVE | High | org.apache.xalan_xalan-2.7.2 |
CVE-2023-26049 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-8.1.15 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-8.1.15 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.12.2 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.12.1 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.11.0 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.3.3 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.13.2 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.13.1 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.10.2 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.9.9 |
PRISMA-2023-0069 | Twistlock CVE | Medium | com.fasterxml.jackson.core_jackson-core-2.3.3 |
PRISMA-2023-0068 | Twistlock CVE | Medium | com.fasterxml.jackson.core_jackson-core-2.3.3 |
CVE-2023-24998 | Twistlock CVE | High | commons-fileupload_commons-fileupload-1.3.3 |
CVE-2023-32697 | Twistlock CVE | High | org.xerial_sqlite-jdbc-3.34.0 |
CVE-2017-7525 | Twistlock CVE | Critical | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2017-17485 | Twistlock CVE | Critical | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-18.0 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-26.0 |
CVE-2023-34455 | Twistlock CVE | High | snappy-java-1.1.7.3 |
CVE-2023-34455 | Twistlock CVE | High | org.xerial.snappy_snappy-java-1.1.7.1 |
CVE-2023-34454 | Twistlock CVE | Medium | org.xerial.snappy_snappy-java-1.1.7.1 |
CVE-2023-34454 | Twistlock CVE | Medium | snappy-java-1.1.7.3 |
CVE-2023-34453 | Twistlock CVE | Medium | snappy-java-1.1.7.3 |
CVE-2023-34453 | Twistlock CVE | Medium | org.xerial.snappy_snappy-java-1.1.7.1 |
CVE-2023-34396 | Twistlock CVE | High | org.apache.struts_struts-core-1.3.8 |
CVE-2023-34149 | Twistlock CVE | Medium | org.apache.struts_struts-core-1.3.8 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-2.4.7 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.4.0 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.14.0 |
CVE-2017-9735 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2022-44730 | Twistlock CVE | Medium | org.apache.xmlgraphics_batik-script-1.14 |
CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-bridge-1.14 |
CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-transcoder-1.14 |
CVE-2023-41080 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.68 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.50 |
CVE-2023-43642 | Twistlock CVE | High | org.xerial.snappy_snappy-java-1.1.7.1 |
CVE-2023-43642 | Twistlock CVE | High | snappy-java-1.1.7.3 |
CVE-2021-28165 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2020-17527 | Twistlock CVE | High | tomcat-coyote-8.5 |
CVE-2016-6816 | Twistlock CVE | High | tomcat-coyote-8.5 |
CVE-2020-13943 | Twistlock CVE | Medium | tomcat-coyote-8.5 |
CVE-2023-39410 | Twistlock CVE | High | org.apache.avro_avro-1.7.7 |
CVE-2023-43643 | Twistlock CVE | Medium | org.owasp.antisamy_antisamy-1.5.8 |
CVE-2023-45648 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2023-42795 | Twistlock CVE | Medium | tomcat-util-8.5 |
CVE-2018-25091 | Twistlock CVE | Medium | platform-python-pip-9.0.3-22.el8 |
CVE-2018-25091 | Twistlock CVE | Medium | python3-pip-9.0.3-22.el8 |
CVE-2022-33068 | Twistlock CVE | Medium | java-11-openjdk-headless-11.0.21.0.9-2.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-11-openjdk-headless-11.0.21.0.9-2.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=atlassian/jira-data-center/jira-node&tag=8.20.10&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/atlassian/jira-data-center/8.20/jira-node/-/jobs/23471763
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.