chore(findings): opensource/jupyter/jupyterlab
Summary
opensource/jupyter/jupyterlab has 151 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-29244 | Anchore CVE | Medium | nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2022-29244 | Anchore CVE | Medium | nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2022-29244 | Anchore CVE | Medium | nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2022-29244 | Anchore CVE | Medium | npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-29491 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2018-20225 | Anchore CVE | High | pip-22.0.4 |
CVE-2022-48339 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2022-48337 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2023-2222 | Anchore CVE | Medium | binutils-2.30-119.el8 |
CVE-2022-48338 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2023-31124 | Anchore CVE | Low | nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Anchore CVE | High | npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Anchore CVE | Medium | nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31124 | Anchore CVE | Low | npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Anchore CVE | High | nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Anchore CVE | Medium | nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Anchore CVE | Medium | nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Anchore CVE | High | nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Anchore CVE | Medium | npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Anchore CVE | High | nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31124 | Anchore CVE | Low | nodejs-docs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Anchore CVE | Medium | nodejs-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31124 | Anchore CVE | Low | nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Anchore CVE | Medium | nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Anchore CVE | Medium | npm-1:8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Anchore CVE | Medium | nodejs-full-i18n-1:16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-33952 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-22998 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-35825 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3141 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-21102 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3161 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1829 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2162 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2248 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2166 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-0459 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31082 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1079 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31085 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2124 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2513 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-35824 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-30456 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2483 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1077 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1838 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2194 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-33203 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2269 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2235 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-2002 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1075 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1076 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31436 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3327 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-33951 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1281 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1637 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-28464 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-35788 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3212 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1206 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1855 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-28772 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3006 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31084 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1998 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-35823 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1074 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3159 | Anchore CVE | Low | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3268 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-26545 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31083 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1380 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-28410 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-1989 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-0458 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2022-45869 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3117 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31484 | Anchore CVE | Medium | perl-interpreter-4:5.26.3-422.el8 |
CVE-2023-3090 | Anchore CVE | High | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-3390 | Anchore CVE | Medium | kernel-headers-4.18.0-477.15.1.el8_8 |
CVE-2023-31484 | Anchore CVE | Medium | perl-macros-4:5.26.3-422.el8 |
CVE-2023-31484 | Anchore CVE | Medium | perl-libs-4:5.26.3-422.el8 |
CVE-2023-31484 | Anchore CVE | Medium | perl-IO-0:1.38-422.el8 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Errno-0:1.28-422.el8 |
PRISMA-2022-0168 | Twistlock CVE | High | pip-22.0.4 |
CVE-2023-0464 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-0466 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-0465 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2017-15897 | Twistlock CVE | Low | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2022-48339 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-48338 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-48337 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2023-1579 | Twistlock CVE | Medium | binutils-2.30-119.el8 |
CVE-2023-1972 | Twistlock CVE | Low | binutils-2.30-119.el8 |
PRISMA-2023-0054 | Twistlock CVE | Medium | node-16.19.1 |
CVE-2022-25883 | Twistlock CVE | High | semver-7.3.7 |
CVE-2023-32067 | Twistlock CVE | Critical | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Twistlock CVE | Critical | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-32067 | Twistlock CVE | Critical | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-29491 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2023-31147 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31147 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31130 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-2222 | Twistlock CVE | Medium | binutils-2.30-119.el8 |
CVE-2023-2650 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-31124 | Twistlock CVE | Low | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-31124 | Twistlock CVE | Low | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-31124 | Twistlock CVE | Low | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30587 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30587 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30587 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30584 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30584 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30584 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30581 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30581 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30581 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-31484 | Twistlock CVE | Medium | perl-IO-1.38-422.el8 |
CVE-2023-31484 | Twistlock CVE | Medium | perl-macros-5.26.3-422.el8 |
CVE-2023-31484 | Twistlock CVE | Medium | perl-interpreter-5.26.3-422.el8 |
CVE-2023-31484 | Twistlock CVE | Medium | perl-Errno-1.28-422.el8 |
CVE-2023-31484 | Twistlock CVE | Medium | perl-libs-5.26.3-422.el8 |
CVE-2023-30589 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30589 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30589 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30585 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30585 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30585 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30590 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30590 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30590 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30588 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30588 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30588 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30586 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30586 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30586 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30583 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30583 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30583 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30582 | Twistlock CVE | Medium | nodejs-16.19.1-1.module+el8.7.0+18373+704f5cef |
CVE-2023-30582 | Twistlock CVE | Medium | npm-8.19.3-1.16.19.1.1.module+el8.7.0+18373+704f5cef |
CVE-2023-30582 | Twistlock CVE | Medium | nodejs-full-i18n-16.19.1-1.module+el8.7.0+18373+704f5cef |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/jupyter/jupyterlab&tag=3.6.3&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/jupyter/jupyterlab/-/jobs/20051860
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.