chore(findings): opensource/apache/nifi
Summary
opensource/apache/nifi has 90 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-85cw-hj65-qqv9 | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-cjjf-94ff-43w7 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-8c4j-34r4-xr8g | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.87.Final |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.10.1 |
CVE-2013-2192 | Anchore CVE | Low | hadoop-shaded-protobuf_3_21-1.2.0 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.10.1 |
GHSA-gjmw-vf9h-g25v | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-mx7p-6679-8g3q | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-f3j5-rmmp-3fc5 | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-c8hm-7hpq-7jhg | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.10.1 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.84.Final |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.4.2 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.94.Final |
GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.10.1 |
CVE-2018-1121 | Anchore CVE | Low | procps-ng-3.3.15-14.el8 |
CVE-2018-17196 | Anchore CVE | High | kafka-clients-1.0.2 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.10.1 |
GHSA-vfqx-33qm-g869 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-mph4-vhrx-mv67 | Anchore CVE | Medium | jackson-databind-2.4.0 |
GHSA-qjw2-hr98-qgfh | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-h3cw-g4mq-c5x2 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-f9xh-2qgp-cq57 | Anchore CVE | High | jackson-databind-2.4.0 |
CVE-2019-13118 | Anchore CVE | Low | libxslt-1.1.32-6.el8 |
CVE-2019-13117 | Anchore CVE | Low | libxslt-1.1.32-6.el8 |
GHSA-645p-88qh-w398 | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.84.Final |
GHSA-hh82-3pmq-7frp | Anchore CVE | Medium | netty-codec-http-4.1.84.Final |
GHSA-p43x-xfjf-5jhr | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
GHSA-4gq5-ch57-c2mg | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
GHSA-89qr-369f-5m5x | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.94.Final |
GHSA-q93h-jc49-78gg | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-5r5r-6hpj-8gg9 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-9gph-22xh-8x98 | Anchore CVE | High | jackson-databind-2.4.0 |
CVE-2015-4035 | Anchore CVE | High | xz-1.9 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-cggj-fvv3-cqwv | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-cmfg-87vq-g5g4 | Anchore CVE | Medium | jackson-databind-2.4.0 |
GHSA-h592-38cm-4ggp | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-fmmc-742q-jg75 | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-gwp4-hfv6-p7hw | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-cf6r-3wgc-h863 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-gww7-p5w4-wrfv | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.87.Final |
GHSA-w3f4-3q6j-rh82 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-288c-cq4h-88gq | Anchore CVE | High | jackson-databind-2.10.1 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.87.Final |
GHSA-cvm9-fjm9-3572 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.84.Final |
GHSA-v585-23hc-c647 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-5949-rw7g-wx7w | Anchore CVE | High | jackson-databind-2.4.0 |
CVE-2018-17196 | Anchore CVE | High | kafka-clients-2.0.0 |
GHSA-qr7j-h6gg-jmgc | Anchore CVE | Critical | jackson-databind-2.4.0 |
CVE-2019-12399 | Anchore CVE | High | kafka-clients-2.0.0 |
GHSA-5ww9-j83m-q7qx | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-rfx6-vp9g-rh7v | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-h822-r4r5-v8jg | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.0.1-jre |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-6fpp-rgj9-8rwc | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-9m6f-7xcq-8vf8 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-r695-7vr9-jgc2 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-rpr3-cw39-3pxh | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-wh8g-3j2c-rqj5 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-qxxx-2pp7-5hmx | Anchore CVE | Critical | jackson-databind-2.4.0 |
GHSA-fqwf-pjwf-7vqv | Anchore CVE | High | jackson-databind-2.4.0 |
CVE-2016-5001 | Anchore CVE | Medium | hadoop-shaded-protobuf_3_21-1.2.0 |
CVE-2017-3161 | Anchore CVE | Medium | hadoop-shaded-protobuf_3_21-1.2.0 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-fx2c-96vj-985v | Anchore CVE | Medium | netty-codec-haproxy-4.1.84.Final |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcpkix-jdk18on-1.71 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.4.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.0.1-jre |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.0 |
GHSA-m6x4-97wx-4q27 | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-4w82-r329-3q67 | Anchore CVE | Critical | jackson-databind-2.4.0 |
CVE-2016-4607 | Anchore CVE | Medium | libxslt-1.1.32-6.el8 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
GHSA-r3gr-cxrf-hg25 | Anchore CVE | High | jackson-databind-2.4.0 |
CVE-2017-3162 | Anchore CVE | High | hadoop-shaded-protobuf_3_21-1.2.0 |
GHSA-3j6g-hxx5-3q26 | Anchore CVE | Medium | kafka-clients-2.0.0 |
GHSA-8w26-6f25-cm9x | Anchore CVE | High | jackson-databind-2.4.0 |
GHSA-4h8f-2wvx-gg5w | Anchore CVE | Low | bcprov-jdk18on-1.71 |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/apache/nifi&tag=1.26.0-fips-bc&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/apache/nifi&tag=1.25.0-fips-bc&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.