chore(findings): f18-navy-boeing/osee/osee-hsql
Summary
f18-navy-boeing/osee/osee-hsql has 111 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
PRISMA-2021-0182 | twistlock_cve | Medium | org.eclipse.jetty_jetty-servlet-9.4.43.v20210629 |
PRISMA-2021-0182 | twistlock_cve | Medium | org.eclipse.jetty_jetty-server-9.4.43.v20210629 |
CCE-85987-6 | oscap_comp | Medium | |
CVE-2021-20190 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-16942 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14720 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14379 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-19362 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14540 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36188 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36179 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14721 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-9548 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-7489 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35728 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-10969 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35491 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-5968 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-24750 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11620 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36189 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-8840 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-8457 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36182 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11656 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36185 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14718 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-10968 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-20506 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-14060 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-20505 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2014-9390 | anchore_cve | Critical | org.eclipse.egit-5.8.0.202006091008-r |
CVE-2020-8908 | anchore_cve | Low | com.google.guava-27.1.0-SNAPSHOT |
CVE-2018-12023 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36180 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-25649 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2017-17485 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13434 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-10673 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-10672 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-14062 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14439 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36187 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36183 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13435 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-11307 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14892 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2016-6153 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-14893 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13631 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-14195 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-8740 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-19645 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-11619 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-16335 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-19646 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36184 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-20346 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-14061 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-12086 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-16943 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-9547 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-20330 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11113 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-12814 | anchore_cve | Medium | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11655 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-17267 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14719 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-12384 | anchore_cve | Medium | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2015-3717 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-12022 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35490 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-24616 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2015-5895 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2017-10989 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-15358 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-13630 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-9546 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-17531 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-16168 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36181 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36186 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11111 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36518 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11112 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13632 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-19360 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-19361 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13435 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-8740 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20346 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2014-9390 | anchore_cve | Critical | org.eclipse.egit_5.8.0.202006091008-r-5.8.0.202006091008-r |
CVE-2020-13631 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2016-6153 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2017-10989 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13630 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-15358 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20505 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-8457 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-11656 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2015-5895 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20506 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-11655 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-16168 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13434 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13632 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13956 | anchore_cve | Medium | org.apache.commons.httpclient_3.1.0.v201012070820-3.1.0.v201012070820 |
CVE-2019-19645 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-19646 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2022-25647 | anchore_cve | High | com.google.gson-2.8.2-SNAPSHOT |
f29704a9e7a9d718201772ca89fdd181 | anchore_comp | Low |
VAT: https://vat.dso.mil/vat/container/16329?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/f18-navy-boeing/osee/osee-hsql/-/jobs/11722516
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.