chore(findings): google/distroless/java-8
Summary
google/distroless/java-8 has 146 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2019-1010022 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2019-1010025 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2019-6129 | anchore_cve | Negligible | libpng16-16-1.6.28-1+deb9u1 |
CVE-2018-11813 | anchore_cve | Negligible | libjpeg62-turbo-1:1.5.1-2+deb9u1 |
CVE-2019-1010023 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2013-0340 | anchore_cve | Negligible | libexpat1-2.2.0-2+deb9u3 |
CVE-2019-7309 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2018-14550 | anchore_cve | Negligible | libpng16-16-1.6.28-1+deb9u1 |
CVE-2018-14048 | anchore_cve | Negligible | libpng16-16-1.6.28-1+deb9u1 |
CVE-2010-4756 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2019-1010024 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2019-9192 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2015-8985 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2018-20796 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2017-15232 | anchore_cve | Negligible | libjpeg62-turbo-1:1.5.1-2+deb9u1 |
CVE-2019-6488 | anchore_cve | Negligible | libc6-2.24-11+deb9u4 |
CVE-2019-2201 | twistlock_cve | Low | libjpeg-turbo-1:1.5.1-2+deb9u1 |
CVE-2016-2779 | twistlock_cve | Low | util-linux-2.29.2-1+deb9u1 |
CVE-2021-2163 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-2369 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-2388 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-2341 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35561 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35564 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35565 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35567 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35559 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35550 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35578 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35603 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35556 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35588 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2021-35586 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2018-12886 | twistlock_cve | High | gcc-6-6.3.0-18+deb9u1 |
CVE-2017-12652 | twistlock_cve | Low | libpng1.6-1.6.28-1+deb9u1 |
CVE-2019-1551 | twistlock_cve | Low | openssl-1.1.0l-1~deb9u3 |
CVE-2021-3712 | twistlock_cve | Low | openssl-1.1.0l-1~deb9u3 |
CVE-2021-33574 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2021-3326 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2021-27645 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2020-6096 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2020-27618 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2020-1752 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2020-1751 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2020-10029 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2019-9169 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2019-25013 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2019-19126 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2018-6551 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2018-6485 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2016-10228 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2016-10739 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2018-1000001 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2017-12132 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2021-35942 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2009-5155 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2007-6755 | anchore_cve | Negligible | libssl1.1-1.1.0l-1~deb9u3 |
CVE-2021-35588 | anchore_cve | Low | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2010-0928 | anchore_cve | Negligible | libssl1.1-1.1.0l-1~deb9u3 |
CVE-2021-2163 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35559 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35603 | anchore_cve | Low | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-3712 | anchore_cve | High | openssl-1.1.0l-1~deb9u3 |
CVE-2007-6755 | anchore_cve | Negligible | openssl-1.1.0l-1~deb9u3 |
CVE-2021-2369 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-3712 | anchore_cve | High | libssl1.1-1.1.0l-1~deb9u3 |
CVE-2021-35550 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2010-0928 | anchore_cve | Negligible | openssl-1.1.0l-1~deb9u3 |
CVE-2021-2388 | anchore_cve | High | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35556 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35561 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35578 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35586 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2020-17541 | anchore_cve | Negligible | libjpeg62-turbo-1:1.5.1-2+deb9u1 |
CVE-2021-35564 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35567 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-35565 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-2341 | anchore_cve | Low | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2021-45960 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2021-46143 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2021-46143 | anchore_cve | High | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22822 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22823 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22824 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22825 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22826 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22827 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-22824 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22827 | anchore_cve | High | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22823 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22825 | anchore_cve | High | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22822 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-22826 | anchore_cve | High | libexpat1-2.2.0-2+deb9u3 |
CVE-2021-3999 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2022-23218 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2022-23219 | twistlock_cve | Low | glibc-2.24-11+deb9u4 |
CVE-2022-21248 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21282 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21293 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21294 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21296 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21299 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21305 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21340 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21341 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21349 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21360 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21365 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-21360 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21340 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21248 | anchore_cve | Low | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21282 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21349 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21365 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21341 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21305 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21299 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21293 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21294 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-21296 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-23852 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2021-4214 | anchore_cve | Negligible | libpng16-16-1.6.28-1+deb9u1 |
CVE-2022-23990 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-25315 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-25236 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-25235 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-23990 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-23852 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2022-25313 | twistlock_cve | Low | expat-2.2.0-2+deb9u3 |
CVE-2021-4160 | twistlock_cve | Low | openssl-1.1.0l-1~deb9u3 |
CVE-2022-21283 | twistlock_cve | Low | openjdk-8-8u275-b01-1~deb9u1 |
CVE-2022-25236 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-0563 | anchore_cve | Negligible | libuuid1-2.29.2-1+deb9u1 |
CVE-2022-25315 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-25235 | anchore_cve | Critical | libexpat1-2.2.0-2+deb9u3 |
CVE-2021-45960 | anchore_cve | High | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-21283 | anchore_cve | Medium | openjdk-8-jre-headless-8u275-b01-1~deb9u1 |
CVE-2022-25313 | anchore_cve | Medium | libexpat1-2.2.0-2+deb9u3 |
CVE-2022-0778 | twistlock_cve | High | openssl-1.1.0l-1~deb9u3 |
CVE-2022-0778 | anchore_cve | High | openssl-1.1.0l-1~deb9u3 |
CVE-2022-0778 | anchore_cve | High | libssl1.1-1.1.0l-1~deb9u3 |
CVE-2019-1551 | anchore_cve | Medium | openssl-1.1.0l-1~deb9u3 |
CVE-2019-1551 | anchore_cve | Medium | libssl1.1-1.1.0l-1~deb9u3 |
CVE-2018-25032 | twistlock_cve | High | zlib-1:1.2.8.dfsg-5 |
CVE-2018-25032 | anchore_cve | High | zlib1g-1:1.2.8.dfsg-5 |
CVE-2021-37600 | twistlock_cve | Low | util-linux-2.29.2-1+deb9u1 |
VAT: https://vat.dso.mil/vat/container/5690?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/google/distroless/java-8/-/jobs/11264854
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.