chore(findings): big-bang/babu

Summary

big-bang/babu has 170 new findings discovered during continuous monitoring.

Layer: big-bang/babu:0.2.0 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=big-bang/babu&tag=0.2.0&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	impact	workaround	epss_score	kev
CVE-2024-53981	Twistlock CVE	High	python-multipart-0.0.6	If you are parsing form data, youre vulnerable.		0.00350	false
CVE-2024-45338	Twistlock CVE	High	golang.org/x/net/html-v0.26.0			0.00189	false
CVE-2025-8194	Anchore CVE	Medium	python3-devel-3.9.21-2.el9_6.2			0.00096	false
CVE-2025-6069	Anchore CVE	Medium	python3-devel-3.9.21-2.el9_6.2			0.00090	false
CVE-2025-22868	Twistlock CVE	High	golang.org/x/oauth2/jws-v0.25.0			0.00076	false
CVE-2025-1377	Anchore CVE	Low	elfutils-debuginfod-client-0.192-6.el9_6			0.00065	false
CVE-2025-54121	Twistlock CVE	Medium	starlette-0.41.3	Its a rare case.	Check the commit that fixes the issue and patch yourself.	0.00064	false
CVE-2025-48964	Twistlock CVE	Medium	iputils-20210202-11.el9_6.1			0.00060	false
CVE-2025-48964	Anchore CVE	Medium	iputils-20210202-11.el9_6.1			0.00060	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.0			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.22.10			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.4			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.0			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.0			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.6			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.22.10			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.12			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.22.6			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.22.5			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.23.6			0.00054	false
CVE-2025-47907	Anchore CVE	High	stdlib-go1.21.13			0.00054	false
CVE-2025-1376	Anchore CVE	Low	elfutils-debuginfod-client-0.192-6.el9_6			0.00048	false
CVE-2025-4598	Anchore CVE	Medium	systemd-udev-252-51.el9_6.1			0.00037	false
CVE-2025-32728	Twistlock CVE	Medium	openssh-8.7p1-45.el9			0.00033	false
CVE-2025-32728	Anchore CVE	Medium	openssh-server-8.7p1-45.el9			0.00033	false
CVE-2025-32728	Anchore CVE	Medium	openssh-8.7p1-45.el9			0.00033	false
CVE-2025-1371	Anchore CVE	Low	elfutils-debuginfod-client-0.192-6.el9_6			0.00029	false
CVE-2025-8556	Twistlock CVE	Low	github.com/cloudflare/circl-v1.5.0			0.00022	false
CVE-2025-5245	Twistlock CVE	Medium	binutils-2.35.2-63.el9			0.00022	false
CVE-2025-5245	Anchore CVE	Medium	binutils-2.35.2-63.el9			0.00022	false
CVE-2025-5245	Anchore CVE	Medium	binutils-gold-2.35.2-63.el9			0.00022	false
CVE-2025-4516	Anchore CVE	Medium	python3-devel-3.9.21-2.el9_6.2			0.00021	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.22.5			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.21.12			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.22.6			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.21.13			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.23.4			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.0			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.22.10			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.0			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.4			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.6			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.6			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.22.6			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.23.0			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.22.10			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.22.5			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.13			0.00019	false
CVE-2025-4673	Anchore CVE	Medium	stdlib-go1.21.12			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.23.6			0.00019	false
CVE-2025-4673	Twistlock CVE	Low	net/http-1.23.0			0.00019	false
CVE-2025-32387	Twistlock CVE	Medium	helm.sh/helm/v3-v3.17.0			0.00019	false
CVE-2025-32386	Twistlock CVE	Medium	helm.sh/helm/v3-v3.17.0			0.00019	false
CVE-2025-22872	Twistlock CVE	Medium	golang.org/x/net/html-v0.23.0			0.00019	false
CVE-2025-22872	Twistlock CVE	Medium	golang.org/x/net/html-v0.26.0			0.00019	false
CVE-2025-22872	Twistlock CVE	Medium	golang.org/x/net/html-v0.35.0			0.00019	false
CVE-2025-22872	Twistlock CVE	Medium	golang.org/x/net/html-v0.33.0			0.00019	false
CVE-2025-7546	Twistlock CVE	Medium	binutils-2.35.2-63.el9			0.00015	false
CVE-2025-7546	Anchore CVE	Medium	binutils-gold-2.35.2-63.el9			0.00015	false
CVE-2025-7546	Anchore CVE	Medium	binutils-2.35.2-63.el9			0.00015	false
CVE-2025-55198	Twistlock CVE	Medium	helm.sh/helm/v3/pkg/chartutil-v3.17.0			0.00015	false
CVE-2025-50181	Anchore CVE	Medium	python3-pip-21.3.1-1.el9			0.00015	false
CVE-2025-22870	Twistlock CVE	Medium	golang.org/x/net/proxy-v0.35.0			0.00015	false
CVE-2025-22870	Twistlock CVE	Medium	golang.org/x/net/proxy-v0.26.0			0.00015	false
CVE-2025-22870	Twistlock CVE	Medium	golang.org/x/net/http/httpproxy-v0.35.0			0.00015	false
CVE-2025-9403	Twistlock CVE	Low	jq-1.6-17.el9_6.2			0.00014	false
CVE-2025-9403	Anchore CVE	Low	jq-1.6-17.el9_6.2			0.00014	false
CVE-2025-7545	Twistlock CVE	Medium	binutils-2.35.2-63.el9			0.00014	false
CVE-2025-7545	Anchore CVE	Medium	binutils-gold-2.35.2-63.el9			0.00014	false
CVE-2025-7545	Anchore CVE	Medium	binutils-2.35.2-63.el9			0.00014	false
CVE-2025-54410	Twistlock CVE	Low	github.com/docker/docker-v25.0.6			0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-debuginfod-client-0.192-6.el9_6			0.00014	false
CVE-2025-50182	Anchore CVE	Medium	python3-pip-21.3.1-1.el9			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.23.0			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.22.6			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.21.13			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.21.12			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.22.5			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.23.6			0.00013	false
CVE-2025-22871	Twistlock CVE	Low	net/http/internal-1.22.10			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.22.6			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.4			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.0			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.0			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.22.10			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.22.10			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.12			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.22.5			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.0			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.6			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.21.13			0.00013	false
CVE-2025-22871	Anchore CVE	Critical	stdlib-go1.23.6			0.00013	false
CVE-2025-55199	Twistlock CVE	Medium	helm.sh/helm/v3/pkg/chartutil-v3.17.0			0.00012	false
CVE-2025-3198	Twistlock CVE	Low	binutils-2.35.2-63.el9			0.00011	false
CVE-2025-3198	Anchore CVE	Low	binutils-2.35.2-63.el9			0.00011	false
CVE-2025-3198	Anchore CVE	Low	binutils-gold-2.35.2-63.el9			0.00011	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.12			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.0			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.6			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.22.5			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.0			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.22.10			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.22.10			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.0			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.4			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.23.6			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.22.6			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
CVE-2025-4674	Anchore CVE	High	stdlib-go1.21.13			0.00006	false
b07fb9a6041803c3a5b9f770a4ddad88	Anchore Compliance	Critical				N/A	N/A
GHSA-wj6h-64fc-37mp	Anchore CVE	High	ecdsa-0.19.1			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.25.0			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.23.0			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.28.0			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.26.0			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.35.0			N/A	N/A
GHSA-vvgc-356p-c3xw	Anchore CVE	Medium	golang.org/x/net-v0.33.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.26.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.26.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.32.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.23.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.33.0			N/A	N/A
GHSA-hcg3-q754-cr77	Anchore CVE	High	golang.org/x/crypto-v0.25.0			N/A	N/A
GHSA-f9f8-9pmf-xv68	Anchore CVE	Medium	helm.sh/helm/v3-v3.17.0			N/A	N/A
GHSA-9h84-qmv7-982p	Anchore CVE	Medium	helm.sh/helm/v3-v3.17.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.25.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.10.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.25.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.21.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.21.0			N/A	N/A
GHSA-6v2p-p543-phr9	Anchore CVE	High	golang.org/x/oauth2-v0.25.0			N/A	N/A
GHSA-5xqw-8hwv-wg92	Anchore CVE	Medium	helm.sh/helm/v3-v3.17.0			N/A	N/A
GHSA-59g5-xgcq-4qw3	Anchore CVE	High	python-multipart-0.0.6			N/A	N/A
GHSA-557j-xg8c-q2mm	Anchore CVE	High	helm.sh/helm/v3-v3.17.0			N/A	N/A
GHSA-4vq8-7jfc-9cvp	Anchore CVE	Low	github.com/docker/docker-v25.0.6+incompatible			N/A	N/A
GHSA-4vq8-7jfc-9cvp	Anchore CVE	Low	github.com/docker/docker-v27.1.2			N/A	N/A
GHSA-4vq8-7jfc-9cvp	Anchore CVE	Low	github.com/docker/docker-v27.1.2			N/A	N/A
GHSA-4hfp-h4cw-hj8p	Anchore CVE	Medium	helm.sh/helm/v3-v3.17.0			N/A	N/A
GHSA-2x5j-vhc8-9cwm	Anchore CVE	Low	github.com/cloudflare/circl-v1.5.0			N/A	N/A
GHSA-2jv5-9r88-3w3p	Anchore CVE	High	python-multipart-0.0.6			N/A	N/A
GHSA-2c2j-9gv5-cj73	Anchore CVE	Medium	starlette-0.41.3			N/A	N/A
4a8742652dc412083dfb30962fc9d07c	Anchore Compliance	Critical				N/A	N/A
166a6dc400cf9f68e274967f656d8984	Anchore Compliance	Critical				N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=big-bang/babu&tag=0.2.0&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Sep 05, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): big-bang/babu

Summary

Tasks

Questions?