chore(findings): bluestaq/bluestaq-dataadmin/bluestaq-dataadmin
Summary
bluestaq/bluestaq-dataadmin/bluestaq-dataadmin has 27 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.33 |
GHSA-53jx-vvf9-4x38 | Anchore CVE | Medium | vertx-web-4.3.6 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.86.Final |
GHSA-3fhx-3vvg-2j84 | Anchore CVE | Medium | quarkus-core-2.15.3.Final |
GHSA-4f4r-wgv2-jjvg | Anchore CVE | High | quarkus-undertow-2.15.3.Final |
GHSA-4f4r-wgv2-jjvg | Anchore CVE | High | quarkus-vertx-http-2.15.3.Final |
GHSA-57m8-f3v5-hm5m | Anchore CVE | Medium | netty-handler-4.1.86.Final |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | Medium | netty-codec-http2-4.1.86.Final |
CVE-2023-2004 | Anchore CVE | Low | java-11-openjdk-headless-1:11.0.21.0.9-2.el8 |
CVE-2022-33068 | Anchore CVE | Medium | java-11-openjdk-headless-1:11.0.21.0.9-2.el8 |
CVE-2022-0530 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2022-0529 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2021-4217 | Twistlock CVE | Low | unzip-6.0-46.el8 |
CVE-2023-24815 | Twistlock CVE | Medium | io.vertx_vertx-web-4.3.6 |
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 |
CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.33 |
CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.86 |
CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-codec-4.1.86 |
CVE-2023-2974 | Twistlock CVE | Medium | io.quarkus_quarkus-core-2.15.3 |
CVE-2023-4853 | Twistlock CVE | High | io.quarkus_quarkus-vertx-http-2.15.3 |
CVE-2023-4853 | Twistlock CVE | High | io.quarkus_quarkus-undertow-2.15.3 |
CVE-2023-4586 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.86 |
CVE-2023-4586 | Twistlock CVE | High | io.netty_netty-codec-4.1.86 |
GHSA-xpw8-rcwv-8f8p | Twistlock CVE | Medium | io.netty_netty-codec-http2-4.1.86 |
CVE-2023-44487 | Twistlock CVE | High | io.netty_netty-codec-4.1.86 |
CVE-2022-33068 | Twistlock CVE | Medium | java-11-openjdk-headless-11.0.21.0.9-2.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-11-openjdk-headless-11.0.21.0.9-2.el8 |
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=bluestaq/bluestaq-dataadmin/bluestaq-dataadmin&tag=1.13.0-IB01192023&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.