chore(findings): ccj2-a3im/datahub/datahub-kafka-setup
Summary
ccj2-a3im/datahub/datahub-kafka-setup has 90 new findings discovered during continuous monitoring.
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=ccj2-a3im/datahub/datahub-kafka-setup&tag=1.0.0&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
id | source | severity | package | epss_score | kev | impact | workaround |
---|---|---|---|---|---|---|---|
CVE-2025-24970 | Twistlock CVE | High | io.netty_netty-handler-4.1.115.Final | 0.00242 | false | ||
CVE-2025-24970 | Twistlock CVE | High | io.netty_netty-handler-4.1.100.Final | 0.00242 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-shell-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-clients-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-group-coordinator-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-streams-test-utils-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-tools-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-log4j-appender-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-tools-api-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-server-common-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-streams-scala_2.13-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka_2.13-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-storage-api-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-storage-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-streams-examples-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-raft-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-streams-3.7.2 | 0.00226 | false | ||
CVE-2025-27818 | Anchore CVE | High | kafka-metadata-3.7.2 | 0.00226 | false | ||
CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.56.v20240826 | 0.00140 | false | ||
CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.56.v20240826 | 0.00140 | false | ||
CVE-2025-25193 | Twistlock CVE | Medium | io.netty_netty-common-4.1.100.Final | 0.00121 | false | ||
CVE-2025-25193 | Twistlock CVE | Medium | io.netty_netty-common-4.1.115.Final | 0.00121 | false | ||
CVE-2025-8194 | Anchore CVE | High | python3-3.12.11-r0 | 0.00096 | false | ||
CVE-2025-6069 | Anchore CVE | Medium | python3-3.12.11-r0 | 0.00090 | false | ||
CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.8.1 | 0.00066 | false | ||
CVE-2016-2781 | Anchore CVE | Medium | coreutils-sha512sum-9.7-r1 | 0.00065 | false | ||
CVE-2016-2781 | Anchore CVE | Medium | coreutils-9.7-r1 | 0.00065 | false | ||
CVE-2016-2781 | Anchore CVE | Medium | coreutils-fmt-9.7-r1 | 0.00065 | false | ||
CVE-2016-2781 | Anchore CVE | Medium | coreutils-env-9.7-r1 | 0.00065 | false | ||
CVE-2025-55163 | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.100.Final | 0.00057 | false | ||
CVE-2025-48734 | Twistlock CVE | Low | commons-beanutils_commons-beanutils-1.9.4 | 0.00056 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-server-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-servlet-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-io-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-client-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-util-ajax-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-security-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-util-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-http-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-servlets-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Anchore CVE | High | jetty-continuation-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-13009 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.56.v20240826 | 0.00049 | false | ||
CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.100.Final | 0.00048 | false | ||
CVE-2025-58056 | Twistlock CVE | Low | io.netty_netty-codec-http-4.1.100.Final | 0.00042 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-shell-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-streams-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-group-coordinator-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-metadata-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-tools-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-streams-examples-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-storage-api-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka_2.13-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-tools-api-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-streams-scala_2.13-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-streams-test-utils-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-server-common-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-storage-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-raft-3.7.2 | 0.00031 | false | ||
CVE-2025-27817 | Anchore CVE | High | kafka-log4j-appender-3.7.2 | 0.00031 | false | ||
CVE-2024-47535 | Twistlock CVE | Medium | io.netty_netty-common-4.1.100.Final | 0.00024 | false | ||
CVE-2025-52999 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | 0.00023 | false | ||
CVE-2025-58057 | Twistlock CVE | Medium | io.netty_netty-codec-4.1.100.Final | 0.00017 | false | ||
CVE-2025-58057 | Twistlock CVE | Medium | io.netty_netty-codec-4.1.115.Final | 0.00017 | false | ||
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 | 0.00015 | false | ||
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 | 0.00015 | false | ||
PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | N/A | N/A | ||
GHSA-xq3w-v528-46rv | Anchore CVE | Medium | netty-common-4.1.100.Final | N/A | N/A | ||
GHSA-xq3w-v528-46rv | Anchore CVE | Medium | netty-common-4.1.100.Final | N/A | N/A | ||
GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
GHSA-wxr5-93ph-8wr9 | Anchore CVE | High | commons-beanutils-1.9.4 | N/A | N/A | ||
GHSA-vgq5-3255-v292 | Anchore CVE | Medium | kafka-clients-3.7.2 | N/A | N/A | ||
GHSA-qh8g-58pp-2wxh | Anchore CVE | Medium | jetty-http-9.4.56.v20240826 | N/A | N/A | ||
GHSA-prj3-ccx8-p6x4 | Anchore CVE | High | netty-codec-http2-4.1.100.Final | N/A | N/A | ||
GHSA-prj3-ccx8-p6x4 | Anchore CVE | High | netty-codec-http2-4.1.100.Final | N/A | N/A | ||
GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.8.1 | N/A | N/A | ||
GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.14.1 | N/A | N/A | ||
GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.14.1 | N/A | N/A | ||
GHSA-fghv-69vj-qj49 | Anchore CVE | Low | netty-codec-http-4.1.100.Final | N/A | N/A | ||
GHSA-fghv-69vj-qj49 | Anchore CVE | Low | netty-codec-http-4.1.100.Final | N/A | N/A | ||
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final | N/A | N/A | ||
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final | N/A | N/A | ||
GHSA-4g8c-wm8x-jfhw | Anchore CVE | High | netty-handler-4.1.100.Final | N/A | N/A | ||
GHSA-4g8c-wm8x-jfhw | Anchore CVE | High | netty-handler-4.1.100.Final | N/A | N/A | ||
GHSA-4g8c-wm8x-jfhw | Anchore CVE | High | netty-handler-4.1.115.Final | N/A | N/A | ||
GHSA-3p8m-j85q-pgmj | Anchore CVE | Medium | netty-codec-4.1.115.Final | N/A | N/A | ||
GHSA-3p8m-j85q-pgmj | Anchore CVE | Medium | netty-codec-4.1.100.Final | N/A | N/A | ||
GHSA-3p8m-j85q-pgmj | Anchore CVE | Medium | netty-codec-4.1.100.Final | N/A | N/A | ||
GHSA-389x-839f-4rhx | Anchore CVE | Medium | netty-common-4.1.100.Final | N/A | N/A | ||
GHSA-389x-839f-4rhx | Anchore CVE | Medium | netty-common-4.1.100.Final | N/A | N/A | ||
GHSA-389x-839f-4rhx | Anchore CVE | Medium | netty-common-4.1.115.Final | N/A | N/A | ||
Tasks
Contributor:
- Apply the StatusReview label to this issue for a merge request review and wait for feedback
OR
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.