chore(findings): octo/ddf
Summary
octo/ddf has 200 new findings discovered during continuous monitoring.
Layer: opensource/alpinelinux/alpine:3.20.3 is EOL, please update if possible
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=octo/ddf&tag=3.1.0&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
| id | source | severity | package | epss_score | kev | impact | workaround |
|---|---|---|---|---|---|---|---|
| CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.33 | 0.93849 | false | ||
| CVE-2011-5034 | Anchore CVE | High | geronimo-el_2.2_spec-1.1 | 0.68968 | false | ||
| CVE-2008-3280 | Anchore CVE | Medium | jetty-openid-9.4.54.v20240208 | 0.05925 | false | ||
| CVE-2021-23383 | Anchore CVE | Critical | handlebars-4.3.1 | 0.04396 | false | ||
| CVE-2018-10237 | Twistlock CVE | Medium | com.google.guava_guava-18.0 | 0.03259 | false | ||
| CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.5 | 0.02798 | false | ||
| CVE-2021-23369 | Anchore CVE | Critical | handlebars-4.3.1 | 0.02542 | false | ||
| CVE-2020-17521 | Twistlock CVE | Medium | groovy-3.0.3 | 0.01790 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-io-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-http-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-client-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-http-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-openjdk8-server-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-servlets-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-client-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-proxy-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-servlet-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-io-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-rewrite-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-xml-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-openjdk8-client-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-java-client-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-java-client-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-jmx-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-client-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-java-server-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-alpn-server-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Anchore CVE | Medium | jetty-client-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2024-8184 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-10.0.22 | 0.01487 | false | ||
| CVE-2024-8184 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-9.4.54.v20240208 | 0.01487 | false | ||
| CVE-2007-1652 | Anchore CVE | High | jetty-openid-9.4.54.v20240208 | 0.01362 | false | ||
| CVE-2007-1651 | Anchore CVE | Medium | jetty-openid-9.4.54.v20240208 | 0.01275 | false | ||
| CVE-2023-38435 | Twistlock CVE | Medium | org.apache.felix_org.apache.felix.healthcheck.webconsoleplugin-2.0.2 | 0.01205 | false | ||
| CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.54.v20240208 | 0.01022 | false | ||
| CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.54.v20240208 | 0.01022 | false | ||
| CVE-2024-6763 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-10.0.22 | 0.01022 | false | ||
| CVE-2022-40152 | Twistlock CVE | Medium | com.fasterxml.woodstox_woodstox-core-6.2.8 | 0.00762 | false | ||
| CVE-2022-1271 | Anchore CVE | High | xz-1.9 | 0.00716 | false | ||
| CVE-2024-21742 | Twistlock CVE | Medium | org.apache.james_apache-mime4j-core-0.8.9 | 0.00658 | false | ||
| CVE-2015-4035 | Anchore CVE | High | xz-1.9 | 0.00612 | false | ||
| CVE-2021-29425 | Twistlock CVE | Medium | commons-io_commons-io-2.5 | 0.00484 | false | ||
| CVE-2023-5685 | Twistlock CVE | High | org.jboss.xnio_xnio-api-3.8.11.Final | 0.00474 | false | ||
| CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.23.0 | 0.00448 | false | ||
| CVE-2019-20920 | Anchore CVE | High | handlebars-4.3.1 | 0.00343 | false | ||
| CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.77.00.0 | 0.00337 | false | ||
| CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.76.0.0 | 0.00337 | false | ||
| CVE-2024-51504 | Anchore CVE | Critical | zookeeper-jute-3.9.2 | 0.00312 | false | ||
| CVE-2024-51504 | Twistlock CVE | Low | org.apache.zookeeper_zookeeper-3.9.2 | 0.00312 | false | ||
| CVE-2025-31672 | Twistlock CVE | Low | The Apache Software Foundation_poi-ooxml-5.2.3 | 0.00271 | false | ||
| CVE-2025-25247 | Twistlock CVE | Medium | org.apache.felix_org.apache.felix.webconsole-4.8.12 | 0.00266 | false | ||
| CVE-2024-34447 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.77.00.0 | 0.00227 | false | ||
| CVE-2024-34447 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.76.0.0 | 0.00227 | false | ||
| CVE-2020-27225 | Anchore CVE | High | org.eclipse.osgi-3.18.0 | 0.00184 | false | ||
| CVE-2025-46392 | Twistlock CVE | Low | commons-configuration_commons-configuration-1.10 | 0.00181 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.5 | 0.00173 | false | ||
| CVE-2024-47554 | Twistlock CVE | Low | commons-io_commons-io-2.11.0 | 0.00173 | false | ||
| CVE-2023-44483 | Twistlock CVE | Medium | org.apache.santuario_xmlsec-2.3.1 | 0.00169 | false | ||
| CVE-2025-48976 | Twistlock CVE | Low | commons-fileupload_commons-fileupload-1.5 | 0.00168 | false | ||
| CVE-2023-38286 | Anchore CVE | High | thymeleaf-3.0.15.RELEASE | 0.00148 | false | ||
| CVE-2023-33008 | Anchore CVE | Medium | org.apache.sling.commons.johnzon-1.2.16 | 0.00137 | false | ||
| CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.76.0.0 | 0.00136 | false | ||
| CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.77.00.0 | 0.00136 | false | ||
| CVE-2019-20922 | Anchore CVE | High | handlebars-4.3.1 | 0.00131 | false | ||
| CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.76.0.0 | 0.00100 | false | ||
| CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.77.00.0 | 0.00100 | false | ||
| CVE-2025-5115 | Twistlock CVE | High | org.eclipse.jetty.http2_http2-common-10.0.22 | 0.00098 | false | ||
| CVE-2025-5115 | Twistlock CVE | High | org.eclipse.jetty.http2_http2-common-9.4.54.v20240208 | 0.00098 | false | ||
| CVE-2025-58457 | Anchore CVE | Medium | zookeeper-jute-3.9.2 | 0.00093 | false | ||
| CVE-2025-58457 | Twistlock CVE | Low | org.apache.zookeeper_zookeeper-3.9.2 | 0.00093 | false | ||
| CVE-2025-8916 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.76.0.0 | 0.00087 | false | ||
| CVE-2025-8916 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.77.00.0 | 0.00087 | false | ||
| CVE-2024-7254 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.19.6 | 0.00085 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-io-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-openjdk8-client-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-jaas-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-util-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-servlets-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-java-server-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-continuation-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-http-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-server-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-xml-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-servlet-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-client-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-rewrite-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-client-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-openjdk8-server-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-alpn-java-client-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-openid-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-proxy-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-jmx-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-security-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Anchore CVE | High | jetty-util-ajax-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2024-13009 | Twistlock CVE | Low | org.eclipse.jetty_jetty-io-9.4.54.v20240208 | 0.00078 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | guava-31.1.0.jre | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-18.0 | 0.00072 | false | ||
| CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.1-jre | 0.00072 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | guava-31.1.0.jre | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-18.0 | 0.00071 | false | ||
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.1-jre | 0.00071 | false | ||
| CVE-2025-8885 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.76.0.0 | 0.00063 | false | ||
| CVE-2025-8885 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.77.00.0 | 0.00063 | false | ||
| CVE-2025-66516 | Twistlock CVE | Critical | org.apache.tika_tika-core-2.8.0 | 0.00063 | false | ||
| CVE-2025-66516 | Anchore CVE | Critical | tika-parsers-standard-package-2.8.0 | 0.00063 | false | ||
| CVE-2025-66516 | Anchore CVE | Critical | tika-bundle-standard-2.8.0 | 0.00063 | false | ||
| CVE-2008-0732 | Anchore CVE | Low | geronimo-el_2.2_spec-1.1 | 0.00054 | false | ||
| CVE-2025-52999 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | 0.00030 | false | ||
| CVE-2025-54988 | Anchore CVE | Critical | tika-bundle-standard-2.8.0 | 0.00024 | false | ||
| CVE-2025-54988 | Anchore CVE | Critical | tika-core-2.8.0 | 0.00024 | false | ||
| CVE-2025-54988 | Anchore CVE | Critical | tika-core-2.8.0 | 0.00024 | false | ||
| CVE-2025-54988 | Anchore CVE | Critical | tika-parsers-standard-package-2.8.0 | 0.00024 | false | ||
| CVE-2025-54988 | Twistlock CVE | Low | org.apache.tika_tika-core-2.8.0 | 0.00024 | false | ||
| CVE-2023-50572 | Anchore CVE | Medium | jline-3.21.0 | 0.00021 | false | ||
| CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.23.0 | 0.00018 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.3 | 0.00017 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.15.2 | 0.00017 | false | ||
| CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 | 0.00017 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.4 | 0.00014 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.14.0 | 0.00014 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | commons-lang_commons-lang-2.6 | 0.00014 | false | ||
| CVE-2025-48924 | Twistlock CVE | Medium | org.apache.commons_commons-lang3-3.12.0 | 0.00014 | false | ||
| CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-2.4.8 | 0.00012 | false | ||
| CVE-2023-42503 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.23.0 | 0.00011 | false | ||
| PRISMA-2023-0067 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-core-2.14.1 | N/A | N/A | ||
| PRISMA-2021-0055 | Twistlock CVE | Low | commons-codec_commons-codec-1.11 | N/A | N/A | ||
| GHSA-xfrj-6vvc-3xm2 | Anchore CVE | Medium | xmlsec-2.3.1 | N/A | N/A | ||
| GHSA-vv7r-c36w-3prj | Anchore CVE | High | commons-fileupload-1.5 | N/A | N/A | ||
| GHSA-vv7r-c36w-3prj | Anchore CVE | High | commons-fileupload-1.5 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk18on-1.76 | N/A | N/A | ||
| GHSA-v435-xc8x-wvr9 | Anchore CVE | Medium | bcprov-jdk18on-1.77 | N/A | N/A | ||
| GHSA-rcjj-h6gh-jf3r | Anchore CVE | Medium | groovy-3.0.3 | N/A | N/A | ||
| GHSA-qh8g-58pp-2wxh | Anchore CVE | Medium | jetty-http-10.0.22 | N/A | N/A | ||
| GHSA-qh8g-58pp-2wxh | Anchore CVE | Medium | jetty-http-9.4.54.v20240208 | N/A | N/A | ||
| GHSA-q4rv-gq96-w7c5 | Anchore CVE | High | jetty-server-9.4.54.v20240208 | N/A | N/A | ||
| GHSA-pvp8-3xj6-8c6x | Anchore CVE | Low | commons-configuration-1.10 | N/A | N/A | ||
| GHSA-mvr2-9pj6-7w5j | Anchore CVE | Medium | guava-18.0 | N/A | N/A | ||
| GHSA-mmxm-8w33-wc4h | Anchore CVE | High | http2-common-9.4.54.v20240208 | N/A | N/A | ||
| GHSA-mmxm-8w33-wc4h | Anchore CVE | High | http2-common-10.0.22 | N/A | N/A | ||
| GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.33 | N/A | N/A | ||
| GHSA-m44j-cfrm-g8qc | Anchore CVE | Medium | bcprov-jdk18on-1.76 | N/A | N/A | ||
| GHSA-m44j-cfrm-g8qc | Anchore CVE | Medium | bcprov-jdk18on-1.77 | N/A | N/A | ||
| GHSA-jw7r-rxff-gv24 | Anchore CVE | Medium | apache-mime4j-core-0.8.9 | N/A | N/A | ||
| GHSA-jw7r-rxff-gv24 | Anchore CVE | Medium | apache-mime4j-core-0.8.9 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.4 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.12.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang-2.6 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-j288-q9x7-2f5v | Anchore CVE | Medium | commons-lang3-3.14.0 | N/A | N/A | ||
| GHSA-h46c-h94j-95f3 | Anchore CVE | High | jackson-core-2.14.1 | N/A | N/A | ||
| GHSA-gwrp-pvrq-jmwv | Anchore CVE | Medium | commons-io-2.5 | N/A | N/A | ||
| GHSA-gmg8-593g-7mv3 | Anchore CVE | Medium | poi-ooxml-5.2.3 | N/A | N/A | ||
| GHSA-g93m-8x6h-g5gv | Anchore CVE | High | zookeeper-3.9.2 | N/A | N/A | ||
| GHSA-g8m5-722r-8whq | Anchore CVE | Medium | jetty-server-9.4.54.v20240208 | N/A | N/A | ||
| GHSA-f58c-gq56-vjjf | Anchore CVE | Critical | tika-core-2.8.0 | N/A | N/A | ||
| GHSA-f58c-gq56-vjjf | Anchore CVE | Critical | tika-core-2.8.0 | N/A | N/A | ||
| GHSA-cgwf-w82q-5jrr | Anchore CVE | Medium | commons-compress-1.23.0 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk18on-1.76 | N/A | N/A | ||
| GHSA-8xfc-gm6g-vgpv | Anchore CVE | Medium | bcprov-jdk18on-1.77 | N/A | N/A | ||
| GHSA-826p-4gcg-35vw | Anchore CVE | Critical | gt-wfs-ng-29.6 | N/A | N/A | ||
| GHSA-826p-4gcg-35vw | Twistlock CVE | Critical | org.geotools_gt-wfs-ng-29.6 | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-18.0 | N/A | N/A | ||
| GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre | N/A | N/A | ||
| GHSA-7f88-5hhx-67m2 | Anchore CVE | High | xnio-api-3.8.11.Final | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.11.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.5 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.11.0 | N/A | N/A | ||
| GHSA-78wr-2p64-hpwj | Anchore CVE | High | commons-io-2.11.0 | N/A | N/A | ||
| GHSA-735f-pc8j-v9w8 | Anchore CVE | High | protobuf-java-3.19.6 | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bcprov-jdk18on-1.77 | N/A | N/A | ||
| GHSA-67mf-3cr5-8w23 | Anchore CVE | Medium | bcprov-jdk18on-1.76 | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-18.0 | N/A | N/A | ||
| GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre | N/A | N/A | ||
| GHSA-4pvw-g9fx-594r | Anchore CVE | Medium | org.apache.felix.healthcheck.webconsoleplugin-2.0.2 | N/A | N/A | ||
| GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.5 | N/A | N/A | ||
| GHSA-4h8f-2wvx-gg5w | Anchore CVE | Medium | bcprov-jdk18on-1.76 | N/A | N/A | ||
| GHSA-4h8f-2wvx-gg5w | Anchore CVE | Medium | bcprov-jdk18on-1.77 | N/A | N/A | ||
| GHSA-4g9r-vxhx-9pgx | Anchore CVE | Medium | commons-compress-1.23.0 | N/A | N/A | ||
| GHSA-4cx2-fc23-5wg6 | Anchore CVE | Medium | bcpkix-jdk18on-1.76 | N/A | N/A | ||
| GHSA-4cx2-fc23-5wg6 | Anchore CVE | Medium | bcpkix-jdk18on-1.77 | N/A | N/A | ||
| GHSA-4c37-7m5h-c8m9 | Anchore CVE | Medium | org.apache.felix.webconsole-4.8.12 | N/A | N/A | ||
| GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.8 | N/A | N/A | ||
| GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.8 | N/A | N/A | ||
| GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.8 | N/A | N/A | ||
| GHSA-4265-ccf5-phj5 | Anchore CVE | Medium | commons-compress-1.23.0 | N/A | N/A | ||
| GHSA-3f7h-mf4q-vrm4 | Anchore CVE | Medium | woodstox-core-6.2.8 | N/A | N/A | ||
| GHSA-2hmj-97jw-28jh | Anchore CVE | Medium | zookeeper-3.9.2 | N/A | N/A | ||
| 877f5090d3b898c03cce32a52db1d2ce | Anchore Compliance | Critical | N/A | N/A | |||
| 28ed50d0466d9c238e8ab814c7757c11 | Anchore Compliance | Critical | N/A | N/A |
Tasks
Contributor:
- Apply the StatusReview label to this issue for a merge request review and wait for feedback
OR
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.