UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/jupyter/jupyterlab

Summary

opensource/jupyter/jupyterlab has 103 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-32215 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-32215 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-32214 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-32214 twistlock_cve Medium nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-32214 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-32213 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-32213 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-29187 twistlock_cve Medium git-2.31.1-2.el8
CVE-2022-29187 twistlock_cve Medium perl-Git-2.31.1-2.el8
CVE-2022-29187 twistlock_cve Medium git-core-2.31.1-2.el8
CVE-2021-45078 twistlock_cve Medium binutils-2.30-113.el8
CVE-2018-1000876 twistlock_cve Medium binutils-2.30-113.el8
CVE-2022-32212 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-32212 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-29244 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-29244 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2021-44533 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2021-44533 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2021-44532 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2021-44532 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2021-44531 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2021-44531 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2021-3114 twistlock_cve Medium cpp-8.5.0-10.1.el8_6
CVE-2022-0235 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-0235 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-33987 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2022-33987 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2019-9077 twistlock_cve Medium binutils-2.30-113.el8
CVE-2019-9075 twistlock_cve Medium binutils-2.30-113.el8
CVE-2019-9074 twistlock_cve Medium binutils-2.30-113.el8
CVE-2018-20671 twistlock_cve Medium binutils-2.30-113.el8
CVE-2018-20623 twistlock_cve Medium binutils-2.30-113.el8
CVE-2022-21824 twistlock_cve Low npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2022-21824 twistlock_cve Low nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2020-35494 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-27943 twistlock_cve Low cpp-8.5.0-10.1.el8_6
CVE-2022-27943 twistlock_cve Low libgomp-8.5.0-10.1.el8_6
CVE-2022-27943 twistlock_cve Low gcc-8.5.0-10.1.el8_6
CVE-2020-35507 twistlock_cve Low binutils-2.30-113.el8
CVE-2020-35496 twistlock_cve Low binutils-2.30-113.el8
CVE-2020-35495 twistlock_cve Low binutils-2.30-113.el8
CVE-2020-35493 twistlock_cve Low binutils-2.30-113.el8
CVE-2019-12972 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-12934 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-20673 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-17985 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18701 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18700 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18484 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18483 twistlock_cve Low binutils-2.30-113.el8
CVE-2017-15897 twistlock_cve Low nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2017-15897 twistlock_cve Low npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2021-46195 twistlock_cve Low cpp-8.5.0-10.1.el8_6
CVE-2021-46195 twistlock_cve Low gcc-8.5.0-10.1.el8_6
CVE-2021-46195 twistlock_cve Low libgomp-8.5.0-10.1.el8_6
CVE-2019-9071 twistlock_cve Low binutils-2.30-113.el8
CVE-2019-14250 twistlock_cve Low cpp-8.5.0-10.1.el8_6
CVE-2019-14250 twistlock_cve Low gcc-8.5.0-10.1.el8_6
CVE-2019-14250 twistlock_cve Low binutils-2.30-113.el8
CVE-2019-14250 twistlock_cve Low libgomp-8.5.0-10.1.el8_6
CVE-2018-6872 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-20657 twistlock_cve Low libgomp-8.5.0-10.1.el8_6
CVE-2018-20657 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-20657 twistlock_cve Low cpp-8.5.0-10.1.el8_6
CVE-2018-20657 twistlock_cve Low gcc-8.5.0-10.1.el8_6
CVE-2018-20651 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-20002 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-19932 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18607 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18606 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18605 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-18309 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-17794 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-17360 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-12699 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-12698 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-12697 twistlock_cve Low binutils-2.30-113.el8
CVE-2018-12641 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-1972 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-2873 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-2938 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-2964 anchore_cve High kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-30594 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-2978 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-1678 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-25265 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-3028 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2021-3826 twistlock_cve Low binutils-2.30-113.el8
CVE-2021-3826 twistlock_cve Low gcc-8.5.0-10.1.el8_6
CVE-2021-3826 twistlock_cve Low cpp-8.5.0-10.1.el8_6
CVE-2021-3826 twistlock_cve Low libgomp-8.5.0-10.1.el8_6
CVE-2022-38128 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-38127 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-38126 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-20166 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-36879 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-devel-2.28-189.5.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-headers-2.28-189.5.el8_6
CVE-2022-38533 twistlock_cve Low binutils-2.30-113.el8
CVE-2022-39189 anchore_cve Medium kernel-headers-4.18.0-372.19.1.el8_6
CVE-2021-44906 twistlock_cve Medium npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2
CVE-2021-44906 twistlock_cve Medium nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2
CVE-2021-44906 twistlock_cve Medium nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2

VAT: https://vat.dso.mil/vat/container/21251?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/jupyter/jupyterlab/-/jobs/13910625

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Jafforice Gaines
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI