chore(findings): jfrog/artifactory/artifactory
Summary
jfrog/artifactory/artifactory has 238 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-41881 | Anchore CVE | High | grpc-netty-1.58.0 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.9 |
GHSA-wf5p-g6vw-rhxx | Anchore CVE | Medium | axios-0.21.4 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.16.0 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.0.0-20220314234659-1baeb1ce4c0b |
GHSA-wf5p-g6vw-rhxx | Anchore CVE | Medium | axios-0.27.2 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.2 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.14.0 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.0.0-20220314234659-1baeb1ce4c0b |
CVE-2014-3488 | Anchore CVE | Medium | grpc-netty-1.58.0 |
CVE-2023-46589 | Anchore CVE | High | tomcat-jdbc-9.0.82 |
GHSA-jq35-85cj-fj4p | Anchore CVE | Medium | github.com/docker/docker-v23.0.3+incompatible |
CVE-2021-21409 | Anchore CVE | Medium | grpc-netty-1.58.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
CVE-2023-48795 | Anchore CVE | Medium | sshd-core-2.10.0 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.16.0 |
CVE-2023-48795 | Anchore CVE | Medium | sshd-common-2.10.0 |
CVE-2019-16869 | Anchore CVE | High | grpc-netty-1.58.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.2 |
CVE-2021-21295 | Anchore CVE | Medium | grpc-netty-1.58.0 |
CVE-2021-37137 | Anchore CVE | High | grpc-netty-1.58.0 |
GHSA-wf5p-g6vw-rhxx | Anchore CVE | Medium | axios-0.21.4 |
CVE-2023-22521 | Anchore CVE | High | crowd-integration-springsecurity-5.0.3 |
CVE-2021-37136 | Anchore CVE | High | grpc-netty-1.58.0 |
GHSA-wf5p-g6vw-rhxx | Anchore CVE | Medium | axios-0.26.1 |
CVE-2023-22521 | Anchore CVE | High | crowd-integration-springsecurity-common-5.0.3 |
GHSA-wf5p-g6vw-rhxx | Anchore CVE | Medium | axios-0.26.0 |
GHSA-2c7c-3mj9-8fqh | Anchore CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.0 |
CVE-2023-34462 | Anchore CVE | Medium | grpc-netty-1.58.0 |
CVE-2021-21290 | Anchore CVE | Medium | grpc-netty-1.58.0 |
CVE-2015-2156 | Anchore CVE | High | grpc-netty-1.58.0 |
GHSA-jq35-85cj-fj4p | Anchore CVE | Medium | github.com/docker/docker-v23.0.5+incompatible |
CVE-2021-43797 | Anchore CVE | Medium | grpc-netty-1.58.0 |
GHSA-ppxx-5m9h-6vxf | Anchore CVE | Medium | github.com/quic-go/quic-go-v0.39.1 |
GHSA-jchw-25xp-jwwc | Anchore CVE | Medium | follow-redirects-1.14.9 |
CVE-2022-24823 | Anchore CVE | Medium | grpc-netty-1.58.0 |
GHSA-p6mc-m468-83gw | Anchore CVE | High | lodash.pick-4.4.0 |
CVE-2023-44487 | Anchore CVE | High | grpc-netty-1.58.0 |
CVE-2023-22521 | Anchore CVE | High | crowd-integration-springsecurity-common-5.0.3 |
CVE-2023-22521 | Anchore CVE | High | crowd-integration-springsecurity-5.0.3 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.15.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.2 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.16.0 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.9 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-m7wr-2xf7-cm9p | Anchore CVE | Medium | github.com/jackc/pgx/v4-v4.13.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-c5q2-7r4c-mv6g | Anchore CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.0 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-cxjh-pqwp-8mfp | Anchore CVE | Medium | follow-redirects-1.14.9 |
GHSA-7jwh-3vrq-q3m8 | Anchore CVE | Medium | github.com/jackc/pgproto3/v2-v2.1.1 |
GHSA-mrww-27vc-gghv | Anchore CVE | Medium | github.com/jackc/pgproto3/v2-v2.1.1 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.31 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.31 |
GHSA-7jwh-3vrq-q3m8 | Anchore CVE | Medium | github.com/jackc/pgx/v4-v4.13.0 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.31 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.31 |
GHSA-mrww-27vc-gghv | Anchore CVE | Medium | github.com/jackc/pgx/v4-v4.13.0 |
GHSA-xw73-rw38-6vjc | Anchore CVE | Medium | github.com/docker/docker-v23.0.5+incompatible |
GHSA-xw73-rw38-6vjc | Anchore CVE | Medium | github.com/docker/docker-v23.0.3+incompatible |
GHSA-mq39-4gv4-mvpx | Anchore CVE | Medium | github.com/docker/docker-v23.0.3+incompatible |
GHSA-mq39-4gv4-mvpx | Anchore CVE | Medium | github.com/docker/docker-v23.0.5+incompatible |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final |
GHSA-rv95-896h-c2vc | Anchore CVE | Medium | express-4.17.3 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.100.Final |
GHSA-5667-3wch-7q7w | Anchore CVE | Medium | vertx-core-4.5.1 |
GHSA-c33x-xqrf-c478 | Anchore CVE | High | github.com/quic-go/quic-go-v0.39.1 |
GHSA-9ph3-v2vh-3qx7 | Anchore CVE | Medium | vertx-core-4.4.4 |
GHSA-9ph3-v2vh-3qx7 | Anchore CVE | Medium | vertx-core-4.5.1 |
GHSA-9ph3-v2vh-3qx7 | Anchore CVE | Medium | vertx-core-4.4.4 |
GHSA-9ph3-v2vh-3qx7 | Anchore CVE | Medium | vertx-core-4.4.4 |
GHSA-f5x3-32g6-xq36 | Anchore CVE | Medium | tar-6.1.11 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
GHSA-4vwx-54mw-vqfw | Anchore CVE | High | github.com/traefik/traefik/v2-v2.10.7 |
GHSA-7f4j-64p6-5h5v | Anchore CVE | Medium | github.com/traefik/traefik/v2-v2.10.7 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.17.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.19.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.19.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.19.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.17.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.17.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.19.0 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.18.0 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-websocket-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-util-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-core-9.0.84 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-embed-core-9.0.84 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-core-9.0.84 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.21.4 |
CVE-2016-6325 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.83 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-embed-core-9.0.82 |
CVE-2019-9704 | Anchore CVE | Low | cronie-1.5.2-8.el8 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.27 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-core-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-jni-9.0.83 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.21.4 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.21.4 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.27 |
GHSA-w33c-445m-f8w7 | Anchore CVE | Medium | okio-2.8.0 |
CVE-2019-9705 | Anchore CVE | Medium | cronie-1.5.2-8.el8 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-core-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-el-9.0.82 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.82 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-coyote-9.0.83 |
CVE-2023-46589 | Anchore CVE | High | tomcat-embed-el-9.0.82 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.83 |
GHSA-jjfh-589g-3hjx | Anchore CVE | Medium | spring-boot-2.7.17 |
CVE-2016-5425 | Anchore CVE | High | tomcat-coyote-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-core-9.0.84 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-core-9.0.82 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-embed-core-9.0.83 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.27 |
CVE-2016-5425 | Anchore CVE | High | tomcat-util-scan-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
GHSA-f3jh-qvm4-mg39 | Anchore CVE | High | spring-security-core-5.7.11 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.27 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-coyote-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-jni-9.0.83 |
CVE-2023-46589 | Anchore CVE | High | tomcat-juli-9.0.82 |
GHSA-v682-8vv8-vpwr | Anchore CVE | Medium | tomcat-embed-websocket-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.82 |
CVE-2016-6325 | Anchore CVE | High | tomcat-util-scan-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-websocket-9.0.83 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.21.4 |
GHSA-f3jh-qvm4-mg39 | Anchore CVE | High | spring-security-core-5.8.7 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.10 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.27 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.21.4 |
GHSA-f3jh-qvm4-mg39 | Anchore CVE | High | spring-security-core-5.8.7 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.21.4 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-embed-core-9.0.84 |
GHSA-fccv-jmmp-qg76 | Anchore CVE | High | tomcat-embed-core-9.0.82 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-el-9.0.82 |
CVE-2016-6325 | Anchore CVE | High | tomcat-api-9.0.83 |
CVE-2019-9705 | Anchore CVE | Medium | cronie-anacron-1.5.2-8.el8 |
CVE-2016-6325 | Anchore CVE | High | tomcat-util-9.0.83 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.30 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.27 |
CVE-2018-1121 | Anchore CVE | Low | procps-ng-3.3.15-14.el8 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.27 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.27 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
CVE-2019-9704 | Anchore CVE | Low | cronie-anacron-1.5.2-8.el8 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
GHSA-f3jh-qvm4-mg39 | Anchore CVE | High | spring-security-core-5.8.7 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.30 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.27 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk15on-1.68 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-core-9.0.82 |
CVE-2016-5425 | Anchore CVE | High | tomcat-embed-el-9.0.83 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk15on-1.68 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.30 |
CVE-2016-6325 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-annotations-api-9.0.83 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-api-9.0.83 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.83 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.10 |
CVE-2016-6325 | Anchore CVE | High | tomcat-embed-core-9.0.84 |
GHSA-24rp-q3w6-vc56 | Anchore CVE | Critical | postgresql-42.4.3 |
CVE-2024-1597 | Twistlock CVE | Critical | org.postgresql_postgresql-42.4.3 |
CVE-2024-22243 | Twistlock CVE | High | spring-web-5.3.27 |
CVE-2024-22243 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.9 |
CVE-2023-34055 | Twistlock CVE | Medium | spring-boot-2.7.17 |
CVE-2023-48795 | Twistlock CVE | Medium | golang.org/x/crypto/ssh-v0.16.0 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.68 |
GO-2023-2334 | Twistlock CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.0 |
GHSA-jq35-85cj-fj4p | Twistlock CVE | Medium | github.com/docker/docker-v23.0.5 |
GHSA-jq35-85cj-fj4p | Twistlock CVE | Medium | github.com/docker/docker-v23.0.3 |
CVE-2024-28180 | Twistlock CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.0 |
CVE-2024-27304 | Twistlock CVE | Medium | github.com/jackc/pgproto3/v2-v2.1.1 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.68 |
CVE-2024-24549 | Twistlock CVE | Medium | tomcat-embed-core-9.0.82 |
CVE-2024-24549 | Twistlock CVE | Medium | tomcat-embed-core-9.0.83 |
CVE-2024-24549 | Twistlock CVE | Medium | tomcat-embed-core-9.0.84 |
CVE-2023-52428 | Twistlock CVE | Medium | com.nimbusds_nimbus-jose-jwt-9.31 |
CVE-2024-22257 | Twistlock CVE | High | spring-security-core-5.7.11 |
CVE-2024-22257 | Twistlock CVE | High | spring-security-core-5.8.7 |
CVE-2024-22259 | Twistlock CVE | High | spring-web-5.3.27 |
CVE-2024-22259 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2024-24557 | Twistlock CVE | Medium | github.com/docker/docker-v23.0.5 |
CVE-2024-24557 | Twistlock CVE | Medium | github.com/docker/docker-v23.0.3 |
CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.100.Final |
CVE-2024-1023 | Twistlock CVE | Medium | io.vertx_vertx-core-4.5.1 |
CVE-2024-22189 | Twistlock CVE | High | github.com/quic-go/quic-go-v0.39.1 |
CVE-2024-1300 | Twistlock CVE | Medium | io.vertx_vertx-core-4.5.1 |
CVE-2024-1300 | Twistlock CVE | Medium | io.vertx_vertx-core-4.4.4 |
CVE-2023-45288 | Twistlock CVE | Medium | golang.org/x/net/http2-v0.18.0 |
CVE-2023-45288 | Twistlock CVE | Medium | golang.org/x/net/http2-v0.19.0 |
CVE-2023-45288 | Twistlock CVE | Medium | golang.org/x/net/http2-v0.17.0 |
CVE-2024-24549 | Twistlock CVE | Medium | tomcat-coyote-9.0.83 |
CVE-2024-23672 | Twistlock CVE | Medium | tomcat-embed-websocket-9.0.83 |
CVE-2024-28869 | Twistlock CVE | High | github.com/traefik/traefik/v2-v2.10.7 |
CVE-2024-21634 | Twistlock CVE | High | software.amazon.ion_ion-java-1.0.2 |
GHSA-7f4j-64p6-5h5v | Twistlock CVE | Medium | github.com/traefik/traefik/v2-v2.10.7 |
CVE-2024-22262 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2024-22262 | Twistlock CVE | High | spring-web-5.3.27 |
CVE-2024-34447 | Twistlock CVE | Low | org.bouncycastle_bcprov-jdk18on-1.77 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.9 |
CVE-2023-46589 | Twistlock CVE | High | tomcat-embed-core-9.0.82 |
CVE-2020-8203 | Twistlock CVE | High | lodash.pick-4.4.0 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.1-jre |
CVE-2024-28863 | Twistlock CVE | Medium | tar-6.1.11 |
CVE-2024-28849 | Twistlock CVE | Medium | follow-redirects-1.14.9 |
CVE-2024-29041 | Twistlock CVE | Medium | express-4.17.3 |
CVE-2023-26159 | Twistlock CVE | Medium | follow-redirects-1.14.9 |
CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.1-jre |
VAT: https://vat.dso.mil/vat/image?imageName=jfrog/artifactory/artifactory&tag=7.77.5&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=jfrog/artifactory/artifactory&tag=7.63.5&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.