chore(findings): microfocus/fortify/sca
Summary
microfocus/fortify/sca has 250 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-39325 | Anchore CVE | High | go-1.20.4 |
CVE-2023-39326 | Anchore CVE | Medium | go-1.20.4 |
GHSA-4jq9-2xhw-jpx7 | Anchore CVE | High | json-20220320 |
CVE-2023-45285 | Anchore CVE | High | go-1.20.4 |
CVE-2023-34053 | Anchore CVE | High | spring-core-6.0.10 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.2 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.23.0 |
GHSA-jw7r-rxff-gv24 | Anchore CVE | Medium | apache-mime4j-core-0.7.2 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.23.0 |
GHSA-xjp4-hw94-mvp5 | Anchore CVE | Medium | commons-configuration2-2.8.0 |
GHSA-9w38-p64v-xpmv | Anchore CVE | Medium | commons-configuration2-2.8.0 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-ajax-9.4.39.v20210325 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-ajax-9.4.39.v20210325 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | jetty-http-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.contenttype-3.8.100 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.ltk.core.refactoring-3.12.100 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-9.4.39.v20210325 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | jetty-security-9.4.39.v20210325 |
GHSA-555c-2p6r-68mm | Anchore CVE | High | System.Security.Cryptography.Pkcs-6.0.1 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.equinox.app-1.6.100 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
GHSA-c3hf-8vgx-72rh | Anchore CVE | High | System.Net.Requests-6.0.0.0 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
GHSA-j24h-xcpc-9jw8 | Anchore CVE | Medium | org.eclipse.core.runtime-3.24.0 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.29 |
CVE-2023-44487 | Anchore CVE | High | jetty-servlet-9.4.39.v20210325 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.osgi.services-3.10.200 |
GHSA-jjfh-589g-3hjx | Anchore CVE | Medium | spring-boot-3.1.1 |
CVE-2022-2048 | Anchore CVE | High | jetty-io-9.4.39.v20210325 |
GHSA-c43q-5hpj-4crv | Anchore CVE | Medium | jersey-common-2.31 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2021-34428 | Anchore CVE | Low | jetty-io-9.4.39.v20210325 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.filebuffers-3.7.100 |
CVE-2022-2048 | Anchore CVE | High | jetty-server-9.4.39.v20210325 |
GHSA-p26g-97m4-6q7c | Anchore CVE | Low | jetty-server-9.4.39.v20210325 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
GHSA-68m8-v89j-7j2p | Anchore CVE | Medium | bc-fips-1.0.2.3 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.11.1 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.text-3.12.0 |
CVE-2022-2048 | Anchore CVE | High | jetty-http-9.4.39.v20210325 |
GHSA-m6cp-vxjx-65j6 | Anchore CVE | Low | jetty-server-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.resources-3.16.0 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
GHSA-hmr7-m48g-48f6 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.variables-3.5.100 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2022-2047 | Anchore CVE | Low | jetty-server-9.4.39.v20210325 |
CVE-2021-34428 | Anchore CVE | Low | jetty-http-9.4.39.v20210325 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-security-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.team.core-3.8.700 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.jobs-3.12.0 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.filesystem-1.9.200 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.equinox.registry-3.11.100 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.11.1 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-ajax-9.4.39.v20210325 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-ajax-9.4.39.v20210325 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.29 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.commands-3.10.100 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2021-34429 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2021-34429 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2023-36478 | Anchore CVE | High | jetty-http-9.4.39.v20210325 |
CVE-2023-36478 | Anchore CVE | High | jetty-io-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.equinox.preferences-3.9.100 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk15on-1.70 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2021-34429 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
GHSA-5crp-9r3c-p9vr | Anchore CVE | High | Newtonsoft.Json-11.0.2 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2022-2047 | Anchore CVE | Low | jetty-io-9.4.39.v20210325 |
CVE-2023-36478 | Anchore CVE | High | jetty-security-9.4.39.v20210325 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2021-28169 | Anchore CVE | Medium | jetty-http-9.4.39.v20210325 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-3fx3-85r4-8j3w | Anchore CVE | Medium | Microsoft.AspNetCore.Components-6.0.0.0 |
CVE-2021-28169 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.debug.core-3.19.0 |
CVE-2022-2047 | Anchore CVE | Low | jetty-servlet-9.4.39.v20210325 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2021-34429 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.equinox.common-3.15.100 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.29 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-security-9.4.39.v20210325 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.11.1 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-9339-86wc-4qgf | Anchore CVE | High | xalan-2.7.2 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-9.4.39.v20210325 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-ajax-9.4.39.v20210325 |
GHSA-cmhx-cq75-c4mj | Anchore CVE | High | System.Text.RegularExpressions-4.3.0 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.11.1 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-9.4.39.v20210325 |
CVE-2023-39318 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
GHSA-qw69-rqj8-6qw8 | Anchore CVE | Medium | jetty-server-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.osgi.util-3.6.100 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-ajax-9.4.39.v20210325 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-cj7v-27pg-wf7q | Anchore CVE | Low | jetty-http-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.compare.core-3.6.600 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.runtime-3.24.0 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.osgi-3.17.0 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29405 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-36478 | Anchore CVE | High | jetty-servlet-9.4.39.v20210325 |
GHSA-7jgj-8wvc-jh57 | Anchore CVE | High | System.Net.Http-4.3.0 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-security-9.4.39.v20210325 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.11.1 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-security-9.4.39.v20210325 |
CVE-2023-44487 | Anchore CVE | High | jetty-io-9.4.39.v20210325 |
CVE-2023-29402 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-9.4.39.v20210325 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.core.expressions-3.8.100 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29406 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | jetty-server-9.4.39.v20210325 |
CVE-2023-39325 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29404 | Anchore CVE | Critical | stdlib-go1.20.4 |
CVE-2021-28169 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2020-27225 | Anchore CVE | High | org.eclipse.ant.core-3.6.200 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39319 | Anchore CVE | Medium | stdlib-go1.20.4 |
GHSA-68m8-v89j-7j2p | Anchore CVE | Medium | bc-fips-1.0.2.3 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-9.4.39.v20210325 |
CVE-2021-28169 | Anchore CVE | Medium | jetty-servlet-9.4.39.v20210325 |
CVE-2023-29409 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2022-2048 | Anchore CVE | High | jetty-servlet-9.4.39.v20210325 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk15on-1.70 |
CVE-2023-36478 | Anchore CVE | High | jetty-server-9.4.39.v20210325 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-security-9.4.39.v20210325 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-9.4.39.v20210325 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-io-9.4.39.v20210325 |
CVE-2021-34428 | Anchore CVE | Low | jetty-servlet-9.4.39.v20210325 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-ajax-9.4.39.v20210325 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39323 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.4 |
CVE-2023-44487 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2023-29403 | Anchore CVE | High | stdlib-go1.20.4 |
CVE-2024-22243 | Twistlock CVE | High | spring-web-5.3.29 |
CVE-2024-21907 | Twistlock CVE | High | newtonsoft.json-11.0.2 |
CVE-2023-5072 | Twistlock CVE | High | org.json_json-20220320 |
CVE-2023-29331 | Twistlock CVE | High | system.security.cryptography.pkcs-6.0.1 |
CVE-2022-45688 | Twistlock CVE | High | org.json_json-20220320 |
CVE-2019-0820 | Twistlock CVE | High | system.text.regularexpressions-4.3.0 |
CVE-2018-8292 | Twistlock CVE | High | system.net.http-4.3.0 |
CVE-2023-34055 | Twistlock CVE | Medium | spring-boot-3.1.1 |
CVE-2021-28168 | Twistlock CVE | Medium | org.glassfish.jersey.core_jersey-common-2.31 |
CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.39.v20210325 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-9.4.39.v20210325 |
CVE-2024-21742 | Twistlock CVE | Medium | org.apache.james_apache-mime4j-core-0.7.2 |
CVE-2021-34428 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-9.4.39.v20210325 |
CVE-2022-2047 | Twistlock CVE | Low | org.eclipse.jetty_jetty-http-9.4.39.v20210325 |
CVE-2023-26049 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-9.4.39.v20210325 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2024-22259 | Twistlock CVE | High | spring-web-5.3.29 |
CVE-2024-29133 | Twistlock CVE | Medium | org.apache.commons_commons-configuration2-2.8.0 |
CVE-2024-29131 | Twistlock CVE | Medium | org.apache.commons_commons-configuration2-2.8.0 |
CVE-2024-22262 | Twistlock CVE | High | spring-web-5.3.29 |
CVE-2023-4218 | Twistlock CVE | Medium | org.eclipse.core.runtime-3.24.0 |
CVE-2023-44487 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-36478 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-34053 | Twistlock CVE | High | spring-core-6.0.10 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.1 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.1 |
CVE-2022-2048 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2021-46877 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.1 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-30.0-jre |
CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.23.0 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.23.0 |
CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-26049 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2021-34429 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2021-28169 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-22041 | Twistlock CVE | Medium | java-17.0.7 |
CVE-2023-41900 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-36479 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2023-22049 | Twistlock CVE | Low | java-17.0.7 |
CVE-2023-22045 | Twistlock CVE | Low | java-17.0.7 |
CVE-2023-22044 | Twistlock CVE | Low | java-17.0.7 |
CVE-2023-22036 | Twistlock CVE | Low | java-17.0.7 |
CVE-2021-34428 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-30.0-jre |
CVE-2023-22006 | Twistlock CVE | Low | java-17.0.7 |
CVE-2022-2047 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.39.v20210325 |
VAT: https://vat.dso.mil/vat/image?imageName=microfocus/fortify/sca&tag=23.2.0.0125&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=microfocus/fortify/sca&tag=23.1.1.0007&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.