UNCLASSIFIED - NO CUI

Skip to content

chore(findings): atlassian/jira-data-center/jira-node

Summary

atlassian/jira-data-center/jira-node has 555 new findings discovered during continuous monitoring.

id source severity package
GHSA-64xx-cq4q-mf44 Anchore CVE High xstream-1.4.17
GHSA-w9p3-5cr8-m3jj Anchore CVE High log4j-1.2.17-atlassian-3
GHSA-4jrv-ppp4-jm57 Anchore CVE High gson-2.8.7
GHSA-4jrv-ppp4-jm57 Anchore CVE High gson-2.8.5
GHSA-4jrv-ppp4-jm57 Anchore CVE High gson-2.8.5
GHSA-xw4p-crpj-vjx2 Anchore CVE High xstream-1.4.17
GHSA-p8pq-r894-fm8f Anchore CVE High xstream-1.4.17
GHSA-64xx-cq4q-mf44 Anchore CVE High xstream-1.4.17
GHSA-rmr5-cpv2-vgjf Anchore CVE High xstream-1.4.17
GHSA-h7v4-7xg3-hxcc Anchore CVE High xstream-1.4.17
GHSA-64xx-cq4q-mf44 Anchore CVE High xstream-1.4.17
GHSA-6wf9-jmg9-vxcc Anchore CVE Medium xstream-1.4.17
GHSA-h7v4-7xg3-hxcc Anchore CVE High xstream-1.4.17
GHSA-hph2-m3g5-xxv4 Anchore CVE High xstream-1.4.17
GHSA-hph2-m3g5-xxv4 Anchore CVE High xstream-1.4.17
GHSA-6w62-hx7r-mw68 Anchore CVE High xstream-1.4.17
GHSA-3ccq-5vw3-2p6x Anchore CVE High xstream-1.4.17
GHSA-rpr3-cw39-3pxh Anchore CVE High jackson-databind-2.3.3
GHSA-6w62-hx7r-mw68 Anchore CVE High xstream-1.4.17
GHSA-65fg-84f6-3jq3 Anchore CVE Critical log4j-1.2.17-atlassian-3
CVE-2022-2048 Anchore CVE High jetty-http-8.1.15.v20140411
GHSA-j9h8-phrw-h4fh Anchore CVE High xstream-1.4.17
GHSA-6w62-hx7r-mw68 Anchore CVE High xstream-1.4.17
GHSA-rpr3-cw39-3pxh Anchore CVE High jackson-databind-2.9.9
GHSA-g5w6-mrj7-75h2 Anchore CVE High xstream-1.4.17
CVE-2022-33879 Anchore CVE Low tika-core-1.23
CVE-2022-2047 Anchore CVE Low jetty-server-8.1.15.v20140411
CVE-2022-2047 Anchore CVE Low jetty-io-8.1.15.v20140411
GHSA-cxfm-5m4g-x7xp Anchore CVE High xstream-1.4.17
GHSA-qrx8-8545-4wg2 Anchore CVE High xstream-1.4.17
CVE-2022-2048 Anchore CVE High jetty-io-8.1.15.v20140411
GHSA-6wf9-jmg9-vxcc Anchore CVE Medium xstream-1.4.17
GHSA-xw4p-crpj-vjx2 Anchore CVE High xstream-1.4.17
CVE-2020-9493 Anchore CVE Critical log4j-1.2.17-atlassian-3
GHSA-cvvx-r33m-v7pq Anchore CVE High struts-core-1.3.8
GHSA-8jrj-525p-826v Anchore CVE High xstream-1.4.17
GHSA-j9h8-phrw-h4fh Anchore CVE High xstream-1.4.17
GHSA-8jrj-525p-826v Anchore CVE High xstream-1.4.17
GHSA-2q8x-2p7f-574v Anchore CVE High xstream-1.4.17
GHSA-2q8x-2p7f-574v Anchore CVE High xstream-1.4.17
GHSA-xw4p-crpj-vjx2 Anchore CVE High xstream-1.4.17
GHSA-cxfm-5m4g-x7xp Anchore CVE High xstream-1.4.17
GHSA-5ggr-mpgw-3mgx Anchore CVE High struts-core-1.3.8
GHSA-cxfm-5m4g-x7xp Anchore CVE High xstream-1.4.17
GHSA-6wf9-jmg9-vxcc Anchore CVE Medium xstream-1.4.17
GHSA-h7v4-7xg3-hxcc Anchore CVE High xstream-1.4.17
GHSA-c28r-hw5m-5gv3 Anchore CVE High aws-java-sdk-s3-1.11.310
GHSA-pjch-4g28-fxx7 Anchore CVE Critical imageio-metadata-3.4.1
GHSA-3ccq-5vw3-2p6x Anchore CVE High xstream-1.4.17
GHSA-qrx8-8545-4wg2 Anchore CVE High xstream-1.4.17
CVE-2022-2048 Anchore CVE High jetty-server-8.1.15.v20140411
GHSA-7jw3-5q4w-89qg Anchore CVE High struts-core-1.3.8
GHSA-cj7v-27pg-wf7q Anchore CVE Low jetty-http-8.1.15.v20140411
GHSA-3ccq-5vw3-2p6x Anchore CVE High xstream-1.4.17
CVE-2022-2048 Anchore CVE High jetty-servlet-8.1.15.v20140411
GHSA-g5w6-mrj7-75h2 Anchore CVE High xstream-1.4.17
GHSA-p8pq-r894-fm8f Anchore CVE High xstream-1.4.17
GHSA-qrx8-8545-4wg2 Anchore CVE High xstream-1.4.17
GHSA-fp5r-v3w9-4333 Anchore CVE High log4j-1.2.17-atlassian-3
GHSA-g5w6-mrj7-75h2 Anchore CVE High xstream-1.4.17
GHSA-j9h8-phrw-h4fh Anchore CVE High xstream-1.4.17
GHSA-8jrj-525p-826v Anchore CVE High xstream-1.4.17
GHSA-2q8x-2p7f-574v Anchore CVE High xstream-1.4.17
GHSA-hph2-m3g5-xxv4 Anchore CVE High xstream-1.4.17
CVE-2022-2047 Anchore CVE Low jetty-servlet-8.1.15.v20140411
CVE-2022-33879 Anchore CVE Low tika-core-1.22
GHSA-p8pq-r894-fm8f Anchore CVE High xstream-1.4.17
CVE-2022-22970 Anchore CVE Medium spring-core-5.3.19
CVE-2022-22971 Anchore CVE Medium spring-core-5.3.19
CVE-2022-26136 Anchore CVE Critical crowd-api-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-query-language-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-integration-client-rest-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-core-tiny-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-integration-api-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-query-language-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-rest-application-management-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-core-tiny-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-server-common-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-integration-client-rest-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-rest-application-management-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-server-common-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-server-api-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-remote-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-server-api-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-remote-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-password-encoders-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-events-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-core-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-azure-ad-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-synchronisation-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-core-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-persistence-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-rest-common-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-synchronisation-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-ldap-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-azure-ad-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-integration-seraph-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-rest-common-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-ldap-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-integration-seraph-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-api-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-rest-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-events-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-integration-client-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-password-encoders-4.3.6-df99201870d
CVE-2022-26136 Anchore CVE Critical crowd-persistence-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-integration-client-common-4.3.6-df99201870d
CVE-2022-26137 Anchore CVE High crowd-integration-api-4.3.6-df99201870d
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.14.2
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.10.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.10.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.10.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.13.1
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-gp7f-rwcx-9369 Anchore CVE Medium jsoup-1.8.3
GHSA-56h3-78gp-v83r Anchore CVE Medium jettison-1.1
GHSA-56h3-78gp-v83r Anchore CVE Medium jettison-1.1
GHSA-56h3-78gp-v83r Anchore CVE Medium jettison-1.1
GHSA-x27m-9w8j-5vcw Anchore CVE High jettison-1.1
GHSA-x27m-9w8j-5vcw Anchore CVE High jettison-1.1
GHSA-x27m-9w8j-5vcw Anchore CVE High jettison-1.1
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.13.2.2
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.13.1
GHSA-h4h5-3hr4-j3g2 Anchore CVE Medium protobuf-java-3.14.0
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.13.1
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.12.1
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.10.2
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.11.0
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.12.1
GHSA-h4h5-3hr4-j3g2 Anchore CVE Medium protobuf-java-3.4.0
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.3.3
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.13.2.2
GHSA-rgv9-q543-rqg4 Anchore CVE High jackson-databind-2.9.9
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.5
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.7
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.5
GHSA-599f-7c49-w659 Anchore CVE Critical commons-text-1.6
GHSA-3f7h-mf4q-vrm4 Anchore CVE Medium woodstox-core-5.2.1
CVE-2015-20107 Twistlock CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2017-7658 Twistlock CVE Critical org.eclipse.jetty_jetty-io-8.1.15
CVE-2017-7657 Twistlock CVE Critical org.eclipse.jetty_jetty-io-8.1.15
CVE-2022-42889 Twistlock CVE Critical org.apache.commons_commons-text-1.6
CVE-2022-42889 Twistlock CVE Critical org.apache.commons_commons-text-1.7
CVE-2022-42889 Twistlock CVE Critical org.apache.commons_commons-text-1.5
CVE-2021-23792 Twistlock CVE Critical com.twelvemonkeys.imageio_imageio-metadata-3.4.1
CVE-2020-10683 Twistlock CVE Critical dom4j_dom4j-1.4.1
CVE-2019-13990 Twistlock CVE Critical org.quartz-scheduler_quartz-1.7.3
CVE-2017-7657 Twistlock CVE Critical org.eclipse.jetty_jetty-server-8.1.15
CVE-2022-43782 Anchore CVE Critical crowd-ldap-4.3.6-df99201870d
GHSA-f7vh-qwp3-x37m Anchore CVE Critical log4j-1.2.17-atlassian-16
CVE-2022-43782 Anchore CVE Critical crowd-integration-client-common-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-core-tiny-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-synchronisation-4.3.6-df99201870d
GHSA-f7vh-qwp3-x37m Anchore CVE Critical log4j-1.2.17-atlassian-3
CVE-2022-43782 Anchore CVE Critical crowd-core-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-server-common-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-db-config-password-cipher-encryptors-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-api-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-query-language-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-password-encoders-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-integration-api-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
GHSA-f7vh-qwp3-x37m Anchore CVE Critical log4j-1.2.17
CVE-2022-43782 Anchore CVE Critical crowd-integration-seraph-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-server-api-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-integration-client-rest-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-rest-application-management-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-persistence-4.3.6-df99201870d
GHSA-f7vh-qwp3-x37m Anchore CVE Critical log4j-1.2.17-atlassian-3
CVE-2022-43782 Anchore CVE Critical crowd-events-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-remote-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-common-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-rest-common-4.3.6-df99201870d
CVE-2022-43782 Anchore CVE Critical crowd-azure-ad-4.3.6-df99201870d
GHSA-cgp8-4m63-fhh5 Anchore CVE Medium commons-net-3.8.0
CVE-2022-45868 Anchore CVE High h2-1.4.200
GHSA-g5ww-5jh7-63cx Anchore CVE High protobuf-java-3.14.0
GHSA-g5ww-5jh7-63cx Anchore CVE High protobuf-java-3.4.0
CVE-2022-45061 Anchore CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2021-3737 Anchore CVE Low python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2022-0391 Anchore CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2007-4559 Anchore CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2021-3733 Anchore CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2015-20107 Anchore CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
GHSA-4gg5-vx3j-xwc7 Anchore CVE High protobuf-java-3.4.0
GHSA-4gg5-vx3j-xwc7 Anchore CVE High protobuf-java-3.14.0
GHSA-j563-grx4-pjpv Anchore CVE High xstream-1.4.16
GHSA-j563-grx4-pjpv Anchore CVE High xstream-1.4.17
GHSA-j563-grx4-pjpv Anchore CVE High xstream-1.4.17
GHSA-j563-grx4-pjpv Anchore CVE High xstream-1.4.17
GHSA-f8cc-g7j8-xxpm Anchore CVE High xstream-1.4.17
GHSA-f8cc-g7j8-xxpm Anchore CVE High xstream-1.4.17
GHSA-f8cc-g7j8-xxpm Anchore CVE High xstream-1.4.16
GHSA-f8cc-g7j8-xxpm Anchore CVE High xstream-1.4.17
GHSA-grr4-wv38-f68w Anchore CVE High jettison-1.1
GHSA-grr4-wv38-f68w Anchore CVE High jettison-1.1
GHSA-grr4-wv38-f68w Anchore CVE High jettison-1.1
GHSA-7rf3-mqpx-h7xg Anchore CVE High jettison-1.1
GHSA-7rf3-mqpx-h7xg Anchore CVE High jettison-1.1
GHSA-7rf3-mqpx-h7xg Anchore CVE High jettison-1.1
GHSA-2pj2-gchf-wmw7 Anchore CVE Medium zip4j-1.3.3
GHSA-hfrx-6qgj-fp6c Anchore CVE High commons-fileupload-1.3.3
GHSA-hfrx-6qgj-fp6c Anchore CVE High commons-fileupload-1.3.3
GHSA-hfrx-6qgj-fp6c Anchore CVE High commons-fileupload-1.3.3
GHSA-6x9x-8qw9-9pp6 Anchore CVE Critical jetty-server-8.1.15.v20140411
CVE-2023-26464 Anchore CVE High log4j-1.2.17-atlassian-16
CVE-2023-26464 Anchore CVE High log4j-1.2.17-atlassian-3
CVE-2023-26464 Anchore CVE High log4j-1.2.17
CVE-2023-26464 Anchore CVE High log4j-1.2.17-atlassian-3
GHSA-3x8x-79m2-3w2w Anchore CVE High jackson-databind-2.11.0
GHSA-3x8x-79m2-3w2w Anchore CVE High jackson-databind-2.12.1
GHSA-3x8x-79m2-3w2w Anchore CVE High jackson-databind-2.10.2
GHSA-q6g2-g7f3-rr83 Anchore CVE High jettison-1.1
GHSA-q6g2-g7f3-rr83 Anchore CVE High jettison-1.1
GHSA-q6g2-g7f3-rr83 Anchore CVE High jettison-1.1
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-1.3.3
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-1.3.2
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-2.4.7
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-2.4.7
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-1.3.1
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-2.3
GHSA-493p-pfq6-5258 Anchore CVE High json-smart-1.3.3
CVE-2023-20861 Anchore CVE Medium spring-core-5.3.19
CVE-2022-42003 Anchore CVE High jackson-databind-2.3.3
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.11.0
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.9.9
GHSA-jjjh-jjxp-wpff Anchore CVE High jackson-databind-2.10.2
CVE-2023-28867 Anchore CVE High graphql-java-13.0
CVE-2023-20860 Anchore CVE High spring-core-5.3.19
GHSA-3vqj-43w4-2q58 Anchore CVE High json-20070829
GHSA-p26g-97m4-6q7c Anchore CVE Low jetty-server-8.1.15.v20140411
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.9.9
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.13.1
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.12.1
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.13.2.2
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.10.2
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.11.0
CVE-2022-42004 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.3.3
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.3.3
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.13.2.2
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.13.1
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.11.0
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.12.1
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.10.2
CVE-2022-42003 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.9.9
CVE-2022-40152 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.16
CVE-2022-40152 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.17
CVE-2022-40151 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.16
CVE-2022-40151 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.17
CVE-2022-2048 Twistlock CVE High org.eclipse.jetty_jetty-io-8.1.15
CVE-2017-9735 Twistlock CVE High org.eclipse.jetty_jetty-io-8.1.15
CVE-2017-7656 Twistlock CVE High org.eclipse.jetty_jetty-io-8.1.15
CVE-2022-31159 Twistlock CVE High com.amazonaws_aws-java-sdk-s3-1.11.310
CVE-2022-25647 Twistlock CVE High com.google.code.gson_gson-2.8.6
CVE-2022-25647 Twistlock CVE High com.google.code.gson_gson-2.7
CVE-2022-25647 Twistlock CVE High com.google.code.gson_gson-2.8.5
CVE-2022-25647 Twistlock CVE High com.google.code.gson_gson-2.8.7
CVE-2021-40690 Twistlock CVE High org.apache.santuario_xmlsec-2.2.0
CVE-2021-40690 Twistlock CVE High org.apache.santuario_xmlsec-1.5.6
CVE-2021-31684 Twistlock CVE High net.minidev_json-smart-1.3.1
CVE-2021-31684 Twistlock CVE High net.minidev_json-smart-1.3.2
CVE-2021-22569 Twistlock CVE High com.google.protobuf_protobuf-java-3.14.0
CVE-2021-22569 Twistlock CVE High com.google.protobuf_protobuf-java-3.4.0
CVE-2020-13936 Twistlock CVE High org.apache.velocity_velocity-1.6.4
CVE-2020-10650 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.9.9
CVE-2020-10650 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.3.3
CVE-2018-1000632 Twistlock CVE High dom4j_dom4j-1.4.1
CVE-2017-7656 Twistlock CVE High org.eclipse.jetty_jetty-server-8.1.15
CVE-2015-2080 Twistlock CVE High org.eclipse.jetty_jetty-server-8.1.15
CVE-2022-36033 Twistlock CVE Medium org.jsoup_jsoup-1.8.3
CVE-2022-36033 Twistlock CVE Medium org.jsoup_jsoup-1.14.2
CVE-2022-36033 Twistlock CVE Medium org.jsoup_jsoup-1.13.1
CVE-2022-36033 Twistlock CVE Medium org.jsoup_jsoup-1.10.3
PRISMA-2021-0182 Twistlock CVE Medium org.eclipse.jetty_jetty-servlet-8.1.15
PRISMA-2021-0182 Twistlock CVE Medium org.eclipse.jetty_jetty-server-8.1.15
CVE-2021-28169 Twistlock CVE Medium org.eclipse.jetty_jetty-io-8.1.15
CVE-2022-40149 Twistlock CVE Medium org.codehaus.jettison_jettison-1.1
CVE-2022-3171 Twistlock CVE Medium com.google.protobuf_protobuf-java-3.14.0
CVE-2022-3171 Twistlock CVE Medium com.google.protobuf_protobuf-java-3.4.0
CVE-2022-29577 Twistlock CVE Medium org.owasp.antisamy_antisamy-1.5.8
CVE-2022-28367 Twistlock CVE Medium org.owasp.antisamy_antisamy-1.5.8
CVE-2022-24615 Twistlock CVE Medium net.lingala.zip4j_zip4j-1.3.3
CVE-2022-23437 Twistlock CVE Medium xerces_xercesImpl-2.12.1
CVE-2021-35043 Twistlock CVE Medium org.owasp.antisamy_antisamy-1.5.8
CVE-2020-15250 Twistlock CVE Medium junit_junit-4.12
CVE-2019-10247 Twistlock CVE Medium org.eclipse.jetty_jetty-server-8.1.15
CVE-2019-10241 Twistlock CVE Medium org.eclipse.jetty_jetty-server-8.1.15
CVE-2021-34428 Twistlock CVE Low org.eclipse.jetty_jetty-io-8.1.15
CVE-2022-33879 Twistlock CVE Low org.apache.tika_tika-core-1.23
CVE-2022-33879 Twistlock CVE Low org.apache.tika_tika-core-1.22
CVE-2022-2047 Twistlock CVE Low org.eclipse.jetty_jetty-io-8.1.15
CVE-2022-40152 Twistlock CVE Medium com.fasterxml.woodstox_woodstox-core-5.2.1
CVE-2022-40150 Twistlock CVE High org.codehaus.jettison_jettison-1.1
CVE-2022-2047 Twistlock CVE Low org.eclipse.jetty_jetty-http-8.1.15
CVE-2021-34428 Twistlock CVE Low org.eclipse.jetty_jetty-server-8.1.15
CVE-2022-45061 Twistlock CVE Medium python36-3.6.8-38.module+el8.5.0+12207+5c5719bc
CVE-2021-37533 Twistlock CVE Medium commons-net_commons-net-3.8.0
CVE-2022-3509 Twistlock CVE High com.google.protobuf_protobuf-java-3.14.0
CVE-2022-3509 Twistlock CVE High com.google.protobuf_protobuf-java-3.4.0
CVE-2022-3510 Twistlock CVE High com.google.protobuf_protobuf-java-3.14.0
CVE-2022-3510 Twistlock CVE High com.google.protobuf_protobuf-java-3.4.0
CVE-2022-41966 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.16
CVE-2022-41966 Twistlock CVE High com.thoughtworks.xstream_xstream-1.4.17
CVE-2022-45693 Twistlock CVE High org.codehaus.jettison_jettison-1.1
CVE-2022-45685 Twistlock CVE High org.codehaus.jettison_jettison-1.1
CVE-2023-22899 Twistlock CVE Medium net.lingala.zip4j_zip4j-1.3.3
CVE-2017-7658 Twistlock CVE Critical org.eclipse.jetty_jetty-server-8.1.15
CVE-2023-26464 Twistlock CVE High log4j_log4j-1.2.17
CVE-2021-46877 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.11.0
CVE-2021-46877 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.12.1
CVE-2021-46877 Twistlock CVE High com.fasterxml.jackson.core_jackson-databind-2.10.2
CVE-2023-1436 Twistlock CVE High org.codehaus.jettison_jettison-1.1
CVE-2023-1370 Twistlock CVE High net.minidev_json-smart-1.3.1
CVE-2023-1370 Twistlock CVE High net.minidev_json-smart-1.3.3
CVE-2023-1370 Twistlock CVE High net.minidev_json-smart-2.3
CVE-2023-1370 Twistlock CVE High net.minidev_json-smart-1.3.2
CVE-2022-22978 Twistlock CVE Critical spring-security-core-5.4.5
CVE-2020-1938 Twistlock CVE Critical tomcat-util-8.5
CVE-2018-8014 Twistlock CVE Critical tomcat-util-8.5
CVE-2016-8735 Twistlock CVE Critical tomcat-util-8.5
CVE-2016-1000027 Twistlock CVE Critical spring-web-5.3.19
CVE-2017-5648 Twistlock CVE Critical tomcat-util-8.5
CVE-2016-5018 Twistlock CVE Critical tomcat-util-8.5
CVE-2022-23221 Twistlock CVE Critical h2-1.4.200
CVE-2021-42392 Twistlock CVE Critical h2-1.4.200
CVE-2022-25762 Twistlock CVE High tomcat-util-8.5
CVE-2017-12617 Twistlock CVE High tomcat-util-8.5
CVE-2016-5388 Twistlock CVE High tomcat-util-8.5
CVE-2023-20860 Twistlock CVE High spring-web-5.3.19
CVE-2023-20860 Twistlock CVE High spring-core-5.3.19
CVE-2022-42252 Twistlock CVE High tomcat-util-8.5
CVE-2021-41079 Twistlock CVE High tomcat-util-8.5
CVE-2021-25122 Twistlock CVE High tomcat-util-8.5
CVE-2021-22119 Twistlock CVE High spring-security-core-5.4.5
CVE-2020-13935 Twistlock CVE High tomcat-util-8.5
CVE-2020-11996 Twistlock CVE High tomcat-util-8.5
CVE-2019-17563 Twistlock CVE High tomcat-util-8.5
CVE-2019-10072 Twistlock CVE High tomcat-util-8.5
CVE-2019-0199 Twistlock CVE High tomcat-util-8.5
CVE-2018-8034 Twistlock CVE High tomcat-util-8.5
CVE-2018-1336 Twistlock CVE High tomcat-util-8.5
CVE-2017-5664 Twistlock CVE High tomcat-util-8.5
CVE-2017-5647 Twistlock CVE High tomcat-util-8.5
CVE-2016-8745 Twistlock CVE High tomcat-util-8.5
CVE-2016-6817 Twistlock CVE High tomcat-util-8.5
CVE-2016-6797 Twistlock CVE High tomcat-util-8.5
CVE-2016-6796 Twistlock CVE High tomcat-util-8.5
CVE-2016-3092 Twistlock CVE High tomcat-util-8.5
CVE-2016-1000343 Twistlock CVE High org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000342 Twistlock CVE High org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000338 Twistlock CVE High org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000352 Twistlock CVE High org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000344 Twistlock CVE High org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-6816 Twistlock CVE High tomcat-util-8.5
CVE-2023-28867 Twistlock CVE High graphql-java-13.0
CVE-2022-37734 Twistlock CVE High graphql-java-13.0
CVE-2022-31197 Twistlock CVE High org.postgresql_postgresql-42.2.23
CVE-2022-21724 Twistlock CVE High org.postgresql_postgresql-42.2.23
CVE-2021-25329 Twistlock CVE High tomcat-util-8.5
CVE-2021-23463 Twistlock CVE High h2-1.4.200
CVE-2020-9484 Twistlock CVE High tomcat-util-8.5
CVE-2019-12418 Twistlock CVE High tomcat-util-8.5
CVE-2023-20861 Twistlock CVE Medium spring-core-5.3.19
CVE-2023-20861 Twistlock CVE Medium spring-web-5.3.19
CVE-2022-22971 Twistlock CVE Medium spring-core-5.3.19
CVE-2022-22971 Twistlock CVE Medium spring-web-5.3.19
CVE-2021-30640 Twistlock CVE Medium tomcat-util-8.5
CVE-2018-1305 Twistlock CVE Medium tomcat-util-8.5
CVE-2019-0221 Twistlock CVE Medium tomcat-util-8.5
CVE-2021-24122 Twistlock CVE Medium tomcat-util-8.5
CVE-2019-2684 Twistlock CVE Medium tomcat-util-8.5
CVE-2018-1304 Twistlock CVE Medium tomcat-util-8.5
CVE-2017-13098 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000345 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-1000341 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2016-0762 Twistlock CVE Medium tomcat-util-8.5
CVE-2022-22976 Twistlock CVE Medium spring-security-core-5.4.5
CVE-2022-22970 Twistlock CVE Medium spring-core-5.3.19
CVE-2022-22970 Twistlock CVE Medium spring-web-5.3.19
CVE-2021-33037 Twistlock CVE Medium tomcat-util-8.5
CVE-2016-6794 Twistlock CVE Medium tomcat-util-8.5
CVE-2016-1000339 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2020-1935 Twistlock CVE Medium tomcat-util-8.5
CVE-2023-28708 Twistlock CVE Medium tomcat-util-8.5
CVE-2020-13943 Twistlock CVE Medium tomcat-util-8.5
CVE-2018-11784 Twistlock CVE Medium tomcat-util-8.5
CVE-2017-7674 Twistlock CVE Medium tomcat-util-8.5
GHSA-673j-qm5f-xpv8 Twistlock CVE Medium org.postgresql_postgresql-42.2.23
CVE-2022-41946 Twistlock CVE Medium org.postgresql_postgresql-42.2.23
CVE-2022-24329 Twistlock CVE Medium kotlin-stdlib-1.4.10
CVE-2020-29582 Twistlock CVE Medium kotlin-stdlib-1.4.10
CVE-2020-15522 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2021-43980 Twistlock CVE Low tomcat-util-8.5
CVE-2016-1000346 Twistlock CVE Low org.bouncycastle_bcprov-jdk15on-1.50
CVE-2023-20863 Twistlock CVE Medium spring-core-5.3.19
CVE-2023-26049 Twistlock CVE Low org.eclipse.jetty_jetty-server-8.1.15
GHSA-qw69-rqj8-6qw8 Anchore CVE Medium jetty-server-8.1.15.v20140411
CVE-2023-20863 Anchore CVE Medium spring-core-5.3.19
CVE-2022-45064 Anchore CVE Critical org.apache.sling.commons.osgi-2.0.4-incubator
CVE-2022-45064 Anchore CVE Critical org.apache.sling.commons.osgi-2.0.4-incubator
CVE-2023-26049 Anchore CVE Medium jetty-io-8.1.15.v20140411
CVE-2023-26049 Anchore CVE Medium jetty-servlet-8.1.15.v20140411
CVE-2023-26049 Anchore CVE Medium jetty-security-8.1.15.v20140411
CVE-2023-26049 Anchore CVE Medium jetty-http-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-servlet-8.1.15.v20140411
CVE-2023-26049 Anchore CVE Medium jetty-util-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-continuation-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-security-8.1.15.v20140411
CVE-2023-26049 Anchore CVE Medium jetty-continuation-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-util-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-io-8.1.15.v20140411
CVE-2023-26048 Anchore CVE Medium jetty-http-8.1.15.v20140411
GHSA-6phf-6h5g-97j2 Anchore CVE High sqlite-jdbc-3.34.0
GHSA-7g45-4rm6-3mm3 Anchore CVE Medium guava-26.0-jre
GHSA-7g45-4rm6-3mm3 Anchore CVE Medium guava-18.0
GHSA-7g45-4rm6-3mm3 Anchore CVE Medium guava-18.0
CVE-2023-34396 Anchore CVE High struts-tiles-1.3.8
CVE-2023-34396 Anchore CVE High struts-taglib-1.3.8
CVE-2023-34149 Anchore CVE Medium struts-core-1.3.8
CVE-2023-34396 Anchore CVE High struts-core-1.3.8
CVE-2023-34149 Anchore CVE Medium struts-tiles-1.3.8
CVE-2023-34149 Anchore CVE Medium struts-taglib-1.3.8
CVE-2023-34454 Anchore CVE High snappy-java-1.1.7.1
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.3.3
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.13.1
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.9.9
CVE-2023-34454 Anchore CVE High snappy-java-1.1.7.3
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.11.0
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.13.2.2
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.12.1
CVE-2023-34453 Anchore CVE High snappy-java-1.1.7.3
CVE-2023-34455 Anchore CVE High snappy-java-1.1.7.1
CVE-2023-34455 Anchore CVE High snappy-java-1.1.7.3
CVE-2023-34453 Anchore CVE High snappy-java-1.1.7.1
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.10.2
CVE-2023-2976 Anchore CVE High guava-rate-limiter-15.0-atlassian-1
CVE-2020-23064 Anchore CVE Medium jquery-2.2.4.10
CVE-2020-23064 Anchore CVE Medium jquery-2.2.4.7
CVE-2020-23064 Anchore CVE Medium jquery-2.2.4
GHSA-77rm-9x9h-xj3g Anchore CVE High protobuf-java-3.14.0
GHSA-77rm-9x9h-xj3g Anchore CVE High protobuf-java-3.4.0
GHSA-wfcc-pff6-rgc5 Anchore CVE High jetty-server-8.1.15.v20140411
CVE-2021-22119 Anchore CVE High spring-security-core-5.4.5
CVE-2022-22976 Anchore CVE Medium spring-security-core-5.4.5
CVE-2022-22978 Anchore CVE Critical spring-security-core-5.4.5
GHSA-gq5f-xv48-2365 Anchore CVE High batik-bridge-1.14
GHSA-gq5f-xv48-2365 Anchore CVE High batik-transcoder-1.14
GHSA-gq5f-xv48-2365 Anchore CVE High batik-transcoder-1.14
GHSA-qw3f-w4pf-jh5f Anchore CVE Medium tika-core-1.22
GHSA-gq5f-xv48-2365 Anchore CVE High batik-bridge-1.14
GHSA-qw3f-w4pf-jh5f Anchore CVE Medium tika-core-1.23
GHSA-2474-2566-3qxp Anchore CVE Medium batik-script-1.14
GHSA-2474-2566-3qxp Anchore CVE Medium batik-script-1.14
CVE-2023-41080 Anchore CVE Medium tomcat-jdbc-8.5.78
CVE-2017-15095 Anchore CVE Critical jackson-databind-2.3.3
CVE-2023-43642 Anchore CVE High snappy-java-1.1.7.1
GHSA-26vr-8j45-3r4w Anchore CVE High jetty-server-8.1.15.v20140411
CVE-2021-28165 Anchore CVE High jetty-io-8.1.15.v20140411
CVE-2023-43642 Anchore CVE High snappy-java-1.1.7.3
GHSA-rhrv-645h-fjfh Anchore CVE High avro-1.7.7
GHSA-pcf2-gh6g-h5r2 Anchore CVE Medium antisamy-1.5.8
CVE-2023-43804 Anchore CVE Medium platform-python-pip-9.0.3-22.el8
CVE-2023-43804 Anchore CVE Medium python3-pip-9.0.3-22.el8
GHSA-pcf2-gh6g-h5r2 Anchore CVE Medium antisamy-1.5.8
GHSA-rm7j-f5g5-27vv Anchore CVE High json-20070829
CVE-2022-33068 Anchore CVE Medium java-11-openjdk-headless-1:11.0.21.0.9-2.el8
CVE-2023-2004 Anchore CVE Low java-11-openjdk-headless-1:11.0.21.0.9-2.el8
CVE-2023-26048 Twistlock CVE Medium org.eclipse.jetty_jetty-server-8.1.15
CVE-2023-20863 Twistlock CVE Medium spring-web-5.3.19
CVE-2022-34169 Twistlock CVE High org.apache.xalan_xalan-2.7.2
CVE-2023-26049 Twistlock CVE Medium org.eclipse.jetty_jetty-io-8.1.15
CVE-2023-26048 Twistlock CVE Medium org.eclipse.jetty_jetty-io-8.1.15
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.12.2
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.12.1
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.11.0
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.3.3
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.13.2
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.13.1
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.10.2
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.9.9
PRISMA-2023-0069 Twistlock CVE Medium com.fasterxml.jackson.core_jackson-core-2.3.3
PRISMA-2023-0068 Twistlock CVE Medium com.fasterxml.jackson.core_jackson-core-2.3.3
CVE-2023-24998 Twistlock CVE High commons-fileupload_commons-fileupload-1.3.3
CVE-2023-32697 Twistlock CVE High org.xerial_sqlite-jdbc-3.34.0
CVE-2017-7525 Twistlock CVE Critical com.fasterxml.jackson.core_jackson-databind-2.3.3
CVE-2017-17485 Twistlock CVE Critical com.fasterxml.jackson.core_jackson-databind-2.3.3
CVE-2023-2976 Twistlock CVE High com.google.guava_guava-18.0
CVE-2023-2976 Twistlock CVE High com.google.guava_guava-26.0
CVE-2023-34455 Twistlock CVE High snappy-java-1.1.7.3
CVE-2023-34455 Twistlock CVE High org.xerial.snappy_snappy-java-1.1.7.1
CVE-2023-34454 Twistlock CVE Medium org.xerial.snappy_snappy-java-1.1.7.1
CVE-2023-34454 Twistlock CVE Medium snappy-java-1.1.7.3
CVE-2023-34453 Twistlock CVE Medium snappy-java-1.1.7.3
CVE-2023-34453 Twistlock CVE Medium org.xerial.snappy_snappy-java-1.1.7.1
CVE-2023-34396 Twistlock CVE High org.apache.struts_struts-core-1.3.8
CVE-2023-34149 Twistlock CVE Medium org.apache.struts_struts-core-1.3.8
CVE-2023-1370 Twistlock CVE High net.minidev_json-smart-2.4.7
CVE-2021-22570 Twistlock CVE High com.google.protobuf_protobuf-java-3.4.0
CVE-2021-22570 Twistlock CVE High com.google.protobuf_protobuf-java-3.14.0
CVE-2017-9735 Twistlock CVE High org.eclipse.jetty_jetty-server-8.1.15
CVE-2022-44730 Twistlock CVE Medium org.apache.xmlgraphics_batik-script-1.14
CVE-2022-44729 Twistlock CVE High org.apache.xmlgraphics_batik-bridge-1.14
CVE-2022-44729 Twistlock CVE High org.apache.xmlgraphics_batik-transcoder-1.14
CVE-2023-41080 Twistlock CVE Medium tomcat-util-8.5
CVE-2023-33201 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.68
CVE-2023-33201 Twistlock CVE Medium org.bouncycastle_bcprov-jdk15on-1.50
CVE-2023-43642 Twistlock CVE High org.xerial.snappy_snappy-java-1.1.7.1
CVE-2023-43642 Twistlock CVE High snappy-java-1.1.7.3
CVE-2021-28165 Twistlock CVE High org.eclipse.jetty_jetty-server-8.1.15
CVE-2020-17527 Twistlock CVE High tomcat-coyote-8.5
CVE-2016-6816 Twistlock CVE High tomcat-coyote-8.5
CVE-2020-13943 Twistlock CVE Medium tomcat-coyote-8.5
CVE-2023-39410 Twistlock CVE High org.apache.avro_avro-1.7.7
CVE-2023-43643 Twistlock CVE Medium org.owasp.antisamy_antisamy-1.5.8
CVE-2023-45648 Twistlock CVE Medium tomcat-util-8.5
CVE-2023-42795 Twistlock CVE Medium tomcat-util-8.5
CVE-2018-25091 Twistlock CVE Medium platform-python-pip-9.0.3-22.el8
CVE-2018-25091 Twistlock CVE Medium python3-pip-9.0.3-22.el8
CVE-2022-33068 Twistlock CVE Medium java-11-openjdk-headless-11.0.21.0.9-2.el8
CVE-2022-3857 Twistlock CVE Low java-11-openjdk-headless-11.0.21.0.9-2.el8

VAT: https://vat.dso.mil/vat/image?imageName=atlassian/jira-data-center/jira-node&tag=8.20.10&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/atlassian/jira-data-center/8.20/jira-node/-/jobs/23471763

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by W. Scott Rogers
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI