UNCLASSIFIED - NO CUI

chore(findings): gladstone/afta/funcapp

Summary

gladstone/afta/funcapp has 97 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=gladstone/afta/funcapp&tag=0.26.0&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

| id | source | severity | package | impact / workaround | epss_score | kev |
|---|---|---|---|---|---|---|
| CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.7 | | 0.94379 | true |
| CVE-2023-45288 | Twistlock CVE | Medium | net/http-1.20.7 | | 0.67599 | false |
| CVE-2023-45288 | Anchore CVE | High | stdlib-go1.20.7 | | 0.67599 | false |
| CVE-2024-24787 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.01583 | false |
| CVE-2024-24784 | Anchore CVE | High | stdlib-go1.20.7 | | 0.01498 | false |
| CVE-2024-24791 | Twistlock CVE | Low | net/http-1.20.7 | | 0.00618 | false |
| CVE-2024-24791 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00618 | false |
| CVE-2023-45289 | Twistlock CVE | Low | net/http-1.20.7 | | 0.00409 | false |
| CVE-2023-45289 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00409 | false |
| CVE-2024-24783 | Twistlock CVE | Low | crypto/x509-1.20.7 | | 0.00401 | false |
| CVE-2024-24783 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00401 | false |
| CVE-2023-45290 | Twistlock CVE | Low | net/textproto-1.20.7 | | 0.00362 | false |
| CVE-2023-45290 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00362 | false |
| CVE-2023-24531 | Anchore CVE | Critical | stdlib-go1.20.7 | | 0.00354 | false |
| CVE-2024-24785 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00246 | false |
| CVE-2025-1795 | Anchore CVE | Low | python-3.10.18 | | 0.00184 | false |
| CVE-2025-1795 | Anchore CVE | Low | python-3.10.18 | | 0.00184 | false |
| CVE-2025-1795 | Anchore CVE | Low | python-3.10.18 | | 0.00184 | false |
| CVE-2024-34156 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00178 | false |
| CVE-2024-34155 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00115 | false |
| CVE-2025-8194 | Anchore CVE | High | python-3.10.18 | | 0.00096 | false |
| CVE-2025-8194 | Anchore CVE | High | python-3.10.18 | | 0.00096 | false |
| CVE-2025-8194 | Anchore CVE | High | python-3.10.18 | | 0.00096 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python-3.10.18 | | 0.00090 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python-3.10.18 | | 0.00090 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python-3.10.18 | | 0.00090 | false |
| CVE-2024-24790 | Twistlock CVE | Critical | net/netip-1.20.7 | | 0.00090 | false |
| CVE-2024-24790 | Anchore CVE | Critical | stdlib-go1.20.7 | | 0.00090 | false |
| CVE-2023-39325 | Twistlock CVE | High | net/http-1.20.7 | | 0.00089 | false |
| CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00089 | false |
| CVE-2024-34158 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00082 | false |
| CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00062 | false |
| CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00062 | false |
| CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00060 | false |
| CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00055 | false |
| CVE-2025-47907 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00054 | false |
| CVE-2025-27789 | Twistlock CVE | Medium | @babel/runtime-7.22.5 | It's only if you are passing untrusted inputs to the second argument of RegExp.prototype.replace, which is a rare thing to do | 0.00050 | false |
| CVE-2025-27789 | Twistlock CVE | Medium | @babel/runtime-7.23.2 | It's only if you are passing untrusted inputs to the second argument of RegExp.prototype.replace, which is a rare thing to do | 0.00050 | false |
| CVE-2023-39326 | Twistlock CVE | Medium | net/http/internal-1.20.7 | | 0.00049 | false |
| CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00049 | false |
| CVE-2024-45336 | Twistlock CVE | Low | net/http-1.20.7 | | 0.00041 | false |
| CVE-2024-45336 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00041 | false |
| CVE-2025-55173 | Twistlock CVE | Medium | next-14.2.28 | | 0.00040 | false |
| CVE-2024-53382 | Twistlock CVE | Medium | prismjs-1.29.0 | | 0.00036 | false |
| CVE-2024-53382 | Twistlock CVE | Medium | prismjs-1.27.0 | | 0.00036 | false |
| CVE-2024-45341 | Twistlock CVE | Low | crypto/x509-1.20.7 | | 0.00032 | false |
| CVE-2024-45341 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00032 | false |
| CVE-2025-57822 | Twistlock CVE | Medium | next-14.2.28 | | 0.00028 | false |
| CVE-2025-48068 | Twistlock CVE | Low | next-14.2.28 | | 0.00028 | false |
| CVE-2025-5889 | Twistlock CVE | Low | brace-expansion-1.1.11 | I'm mirroring the CVE severity assessment here. Sanitize strings being passed to the function so that they don't contain many , in a row. | 0.00022 | false |
| CVE-2025-7783 | Twistlock CVE | Critical | form-data-4.0.0 | See the impact section in the attached GHSA. | 0.00020 | false |
| CVE-2023-45284 | Twistlock CVE | Medium | path/filepath-1.20.7 | | 0.00020 | false |
| CVE-2025-4673 | Twistlock CVE | Low | net/http-1.20.7 | | 0.00019 | false |
| CVE-2025-4673 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00019 | false |
| CVE-2025-46653 | Twistlock CVE | Low | formidable-3.5.1 | | 0.00014 | false |
| CVE-2025-22871 | Twistlock CVE | Low | net/http/internal-1.20.7 | | 0.00013 | false |
| CVE-2025-22871 | Anchore CVE | Critical | stdlib-go1.20.7 | | 0.00013 | false |
| CVE-2025-57752 | Twistlock CVE | Medium | next-14.2.28 | | 0.00012 | false |
| CVE-2025-22866 | Twistlock CVE | Low | crypto/internal/nistec-1.20.7 | | 0.00012 | false |
| CVE-2025-22866 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00012 | false |
| CVE-2025-4674 | Anchore CVE | High | stdlib-go1.20.7 | | 0.00006 | false |
| CVE-2024-24789 | Twistlock CVE | Medium | archive/zip-1.20.7 | | 0.00006 | false |
| CVE-2024-24789 | Anchore CVE | Medium | stdlib-go1.20.7 | | 0.00006 | false |
| dd76dea9595c709b4058036e22892e8f | Anchore Compliance | Critical | | | N/A | N/A |
| d96628426196f0a13fce7f5c231da259 | Anchore Compliance | Critical | | | N/A | N/A |
| cbda6acbdb1c2b853c34ee647c9359e7 | Anchore Compliance | Critical | | | N/A | N/A |
| c222d5f6c1c9815a05a85ce755374574 | Anchore Compliance | Critical | | | N/A | N/A |
| bbffb91d67a41630712dd5857ba750b1 | Anchore Compliance | Critical | | | N/A | N/A |
| ba617e9a453ee97d487b90fcefd3a037 | Anchore Compliance | Critical | | | N/A | N/A |
| a565683d63c8e56b576c5f8cb63053ee | Anchore Compliance | Critical | | | N/A | N/A |
| a09431aedc5e8952b786edcc85645b15 | Anchore Compliance | Critical | | | N/A | N/A |
| GHSA-xv57-4mr9-wg8v | Anchore CVE | Medium | next-14.2.28 | | N/A | N/A |
| GHSA-xffm-g5w8-qvg7 | Twistlock CVE | Low | @eslint/plugin-kit-0.2.8 | | N/A | N/A |
| GHSA-xffm-g5w8-qvg7 | Anchore CVE | Low | @eslint/plugin-kit-0.2.8 | | N/A | N/A |
| GHSA-x7hr-w5r2-h6wg | Anchore CVE | Medium | prismjs-1.27.0 | | N/A | N/A |
| GHSA-x7hr-w5r2-h6wg | Anchore CVE | Medium | prismjs-1.29.0 | | N/A | N/A |
| GHSA-v6h2-p8h4-qcjw | Anchore CVE | Low | brace-expansion-1.1.11 | | N/A | N/A |
| GHSA-g5qg-72qw-gw5v | Anchore CVE | Medium | next-14.2.28 | | N/A | N/A |
| GHSA-fjxv-7rqg-78g4 | Anchore CVE | Critical | form-data-4.0.0 | | N/A | N/A |
| GHSA-968p-4wvh-cqc8 | Anchore CVE | Medium | @babel/runtime-7.22.5 | | N/A | N/A |
| GHSA-968p-4wvh-cqc8 | Anchore CVE | Medium | @babel/runtime-7.23.2 | | N/A | N/A |
| GHSA-75v8-2h7p-7m2m | Anchore CVE | Low | formidable-3.5.1 | | N/A | N/A |
| GHSA-67mh-4wv8-2f99 | Twistlock CVE | Medium | esbuild-0.18.20 | | N/A | N/A |
| GHSA-67mh-4wv8-2f99 | Anchore CVE | Medium | esbuild-0.18.20 | | N/A | N/A |
| GHSA-4342-x723-ch2f | Anchore CVE | Medium | next-14.2.28 | | N/A | N/A |
| GHSA-3h52-269p-cp9r | Anchore CVE | Low | next-14.2.28 | | N/A | N/A |
| 90838cd2efa235ada2f448f50be58635 | Anchore Compliance | Critical | | | N/A | N/A |
| 8682c3c8ac12ead8770f68567a8fc6fe | Anchore Compliance | Critical | | | N/A | N/A |
| 7e1307260ffc98b26a5a44dd56e7e3b1 | Anchore Compliance | Critical | | | N/A | N/A |
| 7bbcf93f2ba6c5971643c9859fa35696 | Anchore Compliance | Critical | | | N/A | N/A |
| 4f3f417a717acccfd4d3ae90b68fecf7 | Anchore Compliance | Critical | | | N/A | N/A |
| 49b03166ab46815d7d272b2a28550ec0 | Anchore Compliance | Critical | | | N/A | N/A |
| 4775e62d2dc763dbb3fca65fc0ddb8e6 | Anchore Compliance | Critical | | | N/A | N/A |
| 35d2deace41d9ca1218b657dad1938c9 | Anchore Compliance | Critical | | | N/A | N/A |
| 26333da9da224e000eff38a63570d893 | Anchore Compliance | Critical | | | N/A | N/A |
| 1f0e24335f7a9a983e1df57e0f221bc3 | Anchore Compliance | Critical | | | N/A | N/A |
| 022513029418a42769a9063e96737d23 | Anchore Compliance | Critical | | | N/A | N/A |

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.