chore(findings): opensource/eclipse/rdf4j-workbench
Summary
opensource/eclipse/rdf4j-workbench has 52 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-44487 | Anchore CVE | High | solr-solrj-8.9.0 |
CVE-2023-44981 | Anchore CVE | Critical | zookeeper-jute-3.6.2 |
CVE-2023-50291 | Anchore CVE | High | solr-solrj-8.9.0 |
CVE-2021-33813 | Anchore CVE | High | solr-solrj-8.9.0 |
GHSA-xrj7-x7gp-wwqr | Anchore CVE | Low | solr-solrj-8.9.0 |
CVE-2023-50386 | Anchore CVE | High | solr-solrj-8.9.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.5 |
GHSA-7286-pgfv-vxvh | Anchore CVE | Critical | zookeeper-3.6.2 |
GHSA-gm62-rw4g-vrc4 | Anchore CVE | High | logback-core-1.2.12 |
GHSA-7286-pgfv-vxvh | Anchore CVE | Critical | zookeeper-3.6.2 |
CVE-2023-44981 | Anchore CVE | Critical | zookeeper-jute-3.6.2 |
CVE-2023-44487 | Anchore CVE | High | solr-solrj-8.9.0 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.12 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.50.Final |
CVE-2023-50291 | Anchore CVE | High | solr-solrj-8.9.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.5 |
CVE-2023-50292 | Anchore CVE | High | solr-solrj-8.9.0 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.50.Final |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.12 |
GHSA-xrj7-x7gp-wwqr | Anchore CVE | Low | solr-solrj-8.9.0 |
GHSA-r978-9m6m-6gm6 | Anchore CVE | Medium | zookeeper-3.6.2 |
CVE-2023-50292 | Anchore CVE | High | solr-solrj-8.9.0 |
CVE-2021-33813 | Anchore CVE | High | solr-solrj-8.9.0 |
GHSA-r978-9m6m-6gm6 | Anchore CVE | Medium | zookeeper-3.6.2 |
CVE-2023-50386 | Anchore CVE | High | solr-solrj-8.9.0 |
GHSA-qcwq-55hx-v3vh | Anchore CVE | High | snappy-java-1.1.7.6 |
GHSA-pqr6-cmr2-h8hf | Anchore CVE | Medium | snappy-java-1.1.7.6 |
GHSA-55g7-9cwv-5qfv | Anchore CVE | High | snappy-java-1.1.7.6 |
GHSA-fjpj-2g6w-x25r | Anchore CVE | Medium | snappy-java-1.1.7.6 |
GHSA-qcwq-55hx-v3vh | Anchore CVE | High | snappy-java-1.1.7.6 |
GHSA-pqr6-cmr2-h8hf | Anchore CVE | Medium | snappy-java-1.1.7.6 |
GHSA-2wrp-6fg6-hmc5 | Anchore CVE | High | spring-web-5.3.30 |
GHSA-hgjh-9rj2-g67j | Anchore CVE | High | spring-web-5.3.30 |
GHSA-fjpj-2g6w-x25r | Anchore CVE | Medium | snappy-java-1.1.7.6 |
GHSA-ccgv-vj62-xf9h | Anchore CVE | High | spring-web-5.3.30 |
GHSA-55g7-9cwv-5qfv | Anchore CVE | High | snappy-java-1.1.7.6 |
CVE-2024-22259 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2024-22243 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2023-43642 | Twistlock CVE | High | org.xerial.snappy_snappy-java-1.1.7.6 |
CVE-2023-34455 | Twistlock CVE | High | org.xerial.snappy_snappy-java-1.1.7.6 |
CVE-2021-37137 | Twistlock CVE | High | io.netty_netty-codec-4.1.50.Final |
CVE-2021-37136 | Twistlock CVE | High | io.netty_netty-codec-4.1.50.Final |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.12 |
CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.50.Final |
CVE-2023-34454 | Twistlock CVE | Medium | org.xerial.snappy_snappy-java-1.1.7.6 |
CVE-2023-34453 | Twistlock CVE | Medium | org.xerial.snappy_snappy-java-1.1.7.6 |
CVE-2024-23944 | Twistlock CVE | Medium | org.apache.zookeeper_zookeeper-3.6.2 |
CVE-2023-50298 | Twistlock CVE | Low | org.apache.solr_solr-solrj-8.9.0 |
CVE-2024-22262 | Twistlock CVE | High | spring-web-5.3.30 |
CVE-2023-44981 | Twistlock CVE | Critical | org.apache.zookeeper_zookeeper-3.6.2 |
CVE-2023-6481 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.12 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.12 |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/eclipse/rdf4j-workbench&tag=4.3.11&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/eclipse/rdf4j-workbench/-/jobs/22516182
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.