chore(findings): opensource/tchiotludo/akhq
Summary
opensource/tchiotludo/akhq has 52 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.90.Final |
CVE-2023-36479 | Anchore CVE | Medium | jetty-http-9.4.48.v20220622 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.25.6 |
GHSA-rhrv-645h-fjfh | Anchore CVE | High | avro-1.11.1 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-client-9.4.48.v20220622 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-9.4.48.v20220622 |
CVE-2023-44487 | Anchore CVE | High | jetty-client-9.4.48.v20220622 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-http-9.4.48.v20220622 |
GHSA-9ph3-v2vh-3qx7 | Anchore CVE | Medium | vertx-core-4.3.7 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.90.Final |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-9.4.48.v20220622 |
CVE-2023-36478 | Anchore CVE | High | jetty-client-9.4.48.v20220622 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-9.4.48.v20220622 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-io-9.4.48.v20220622 |
CVE-2023-44981 | Anchore CVE | Critical | zookeeper-jute-3.6.3 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.7 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-io-9.4.48.v20220622 |
GHSA-3vqj-43w4-2q58 | Anchore CVE | High | json-20220320 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-http-9.4.48.v20220622 |
GHSA-hmr7-m48g-48f6 | Anchore CVE | Medium | jetty-http-9.4.48.v20220622 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 |
CVE-2023-44487 | Anchore CVE | High | jetty-io-9.4.48.v20220622 |
GHSA-7g24-qg88-p43q | Anchore CVE | High | jose4j-0.7.9 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-http-9.4.48.v20220622 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-client-9.4.48.v20220622 |
CVE-2023-36478 | Anchore CVE | High | jetty-io-9.4.48.v20220622 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-9.4.48.v20220622 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-r978-9m6m-6gm6 | Anchore CVE | Medium | zookeeper-3.6.3 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-client-9.4.48.v20220622 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-9.4.48.v20220622 |
GHSA-4jq9-2xhw-jpx7 | Anchore CVE | High | json-20220320 |
GHSA-6qvw-249j-h44c | Anchore CVE | Medium | jose4j-0.7.9 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.90.Final |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-9.4.48.v20220622 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-7286-pgfv-vxvh | Anchore CVE | Critical | zookeeper-3.6.3 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-io-9.4.48.v20220622 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-io-9.4.48.v20220622 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-io-9.4.48.v20220622 |
CVE-2007-2379 | Anchore CVE | Medium | jquery-3.5.1 |
CVE-2023-36478 | Anchore CVE | High | jetty-http-9.4.48.v20220622 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-client-9.4.48.v20220622 |
CVE-2023-44487 | Anchore CVE | High | jetty-http-9.4.48.v20220622 |
GHSA-jgvc-jfgh-rjvv | Anchore CVE | Medium | jose4j-0.7.9 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-9.4.48.v20220622 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-client-9.4.48.v20220622 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/tchiotludo/akhq&tag=0.24.0&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.