chore(findings): indrasoft/vauban
Summary
indrasoft/vauban has 303 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-3mc7-4q67-w48m | Anchore CVE | High | snakeyaml-1.27 |
GHSA-9w3m-gqgf-c4p9 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-c4r9-r8fh-9vj2 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-hhhw-99gj-p3c3 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-98wm-3w3q-mw94 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-h4h5-3hr4-j3g2 | Anchore CVE | Medium | protobuf-java-3.17.3 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.9 |
GHSA-w37g-rhq8-7m4j | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.27 |
GHSA-g5ww-5jh7-63cx | Anchore CVE | High | protobuf-java-3.17.3 |
GHSA-4gg5-vx3j-xwc7 | Anchore CVE | High | protobuf-java-3.17.3 |
GHSA-j563-grx4-pjpv | Anchore CVE | High | xstream-1.4.19 |
GHSA-f8cc-g7j8-xxpm | Anchore CVE | High | xstream-1.4.19 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.4 |
GHSA-gv87-q66h-4277 | Anchore CVE | Critical | itextpdf-5.5.12 |
GHSA-3vqj-43w4-2q58 | Anchore CVE | High | json-20180130 |
GHSA-8f6x-v685-g2xc | Anchore CVE | Medium | struts2-core-2.5.30 |
GHSA-4g42-gqrg-4633 | Anchore CVE | High | struts2-core-2.5.30 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-30.1-jre |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
GHSA-w33c-445m-f8w7 | Anchore CVE | Medium | okio-1.6.0 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-30.1-jre |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-jdbc-9.0.64 |
CVE-2023-0833 | Anchore CVE | Medium | okhttp-2.7.5 |
CVE-2023-44487 | Anchore CVE | High | tomcat-jdbc-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-jdbc-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-jdbc-9.0.64 |
GHSA-crg9-44h2-xw35 | Anchore CVE | Critical | activemq-client-5.16.3 |
GHSA-4jq9-2xhw-jpx7 | Anchore CVE | High | json-20180130 |
CVE-2022-41678 | Anchore CVE | High | activemq-client-5.16.3 |
CVE-2023-46589 | Anchore CVE | High | tomcat-jdbc-9.0.64 |
GHSA-729q-fcgp-r5xh | Anchore CVE | High | struts2-core-2.5.30 |
GHSA-2j39-qcjm-428w | Anchore CVE | Critical | struts2-core-2.5.30 |
CVE-2023-49735 | Anchore CVE | High | tiles-template-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-jsp-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-freemarker-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-api-3.0.8 |
GHSA-qw4h-3xjj-84cc | Anchore CVE | High | tiles-core-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-el-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-ognl-3.0.8 |
CVE-2023-49735 | Anchore CVE | High | tiles-servlet-3.0.8 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-dbcp-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-coyote-9.0.64 |
GHSA-p22x-g9px-3945 | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-de-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-jni-9.0.64 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk15on-1.52 |
CVE-2023-44487 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-util-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-dbcp-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-juli-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-juli-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-jni-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-es-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-juli-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-es-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
GHSA-rq2w-37h9-vg94 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-dbcp-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.64 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-jni-9.0.64 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk15on-1.52 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-dbcp-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-dbcp-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-util-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-juli-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-util-scan-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-api-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-util-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-es-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-jni-9.0.64 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-46589 | Anchore CVE | High | tomcat-jni-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.64 |
GHSA-72m5-fvvv-55m6 | Anchore CVE | Medium | bcprov-jdk15on-1.52 |
CVE-2022-45143 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-jni-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-fr-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-util-scan-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-ko-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-de-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-util-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-util-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.64 |
GHSA-6xx3-rg99-gc3p | Anchore CVE | Medium | bcprov-jdk15on-1.52 |
CVE-2016-6325 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-ja-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-jni-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-es-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-cs-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-jni-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-de-9.0.64 |
GHSA-7w75-32cg-r6g2 | Anchore CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-util-scan-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-cs-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-pt-BR-9.0.64 |
GHSA-v682-8vv8-vpwr | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-api-9.0.64 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-api-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-api-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-api-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-i18n-de-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-api-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-juli-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-util-scan-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-util-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-dbcp-9.0.64 |
CVE-2022-34305 | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-util-scan-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-ja-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-ko-9.0.64 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2022-42252 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-jni-9.0.64 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-websocket-9.0.64 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-i18n-de-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-es-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-ru-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-util-scan-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-i18n-zh-CN-9.0.64 |
CVE-2016-5425 | Anchore CVE | High | tomcat-jni-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-jni-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-pt-BR-9.0.64 |
CVE-2016-6325 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-i18n-es-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-ru-9.0.64 |
CVE-2022-42252 | Anchore CVE | High | tomcat-websocket-9.0.64 |
CVE-2023-44487 | Anchore CVE | High | tomcat-i18n-fr-9.0.64 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-i18n-de-9.0.64 |
CVE-2023-46589 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2022-45143 | Anchore CVE | High | tomcat-juli-9.0.64 |
CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.9 |
CVE-2022-3171 | Twistlock CVE | Medium | com.google.protobuf_protobuf-java-3.17.3 |
CVE-2022-3509 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.17.3 |
CVE-2022-3510 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.17.3 |
CVE-2021-43113 | Twistlock CVE | Critical | com.itextpdf_itextpdf-5.5.12 |
CVE-2020-15522 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2023-3635 | Twistlock CVE | Medium | com.squareup.okio_okio-1.6.0 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2023-49735 | Twistlock CVE | High | org.apache.tiles_tiles-core-3.0.8 |
CVE-2023-5072 | Twistlock CVE | High | org.json_json-20180130 |
CVE-2022-45688 | Twistlock CVE | High | org.json_json-20180130 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2020-26939 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2024-24549 | Twistlock CVE | Medium | tomcat-coyote-9.0.64 |
CVE-2024-23672 | Twistlock CVE | Medium | tomcat-websocket-9.0.64 |
CVE-2024-21634 | Twistlock CVE | High | software.amazon.ion_ion-java-1.0.2 |
CVE-2023-24998 | Twistlock CVE | High | tomcat-coyote-9.0.64 |
CVE-2022-42252 | Twistlock CVE | High | tomcat-coyote-9.0.64 |
CVE-2023-50164 | Twistlock CVE | Critical | org.apache.struts_struts2-core-2.5.30 |
CVE-2023-46604 | Twistlock CVE | Critical | org.apache.activemq_activemq-client-5.16.3 |
CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.27 |
CVE-2022-41678 | Twistlock CVE | High | org.apache.activemq_activemq-client-5.16.3 |
CVE-2023-46589 | Twistlock CVE | High | tomcat-util-9.0.64 |
CVE-2023-44487 | Twistlock CVE | High | tomcat-util-9.0.64 |
CVE-2023-41835 | Twistlock CVE | High | org.apache.struts_struts2-core-2.5.30 |
CVE-2023-34396 | Twistlock CVE | High | org.apache.struts_struts2-core-2.5.30 |
CVE-2023-24998 | Twistlock CVE | High | commons-fileupload_commons-fileupload-1.4 |
CVE-2022-45143 | Twistlock CVE | High | tomcat-util-9.0.64 |
CVE-2022-42252 | Twistlock CVE | High | tomcat-util-9.0.64 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-41966 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.19 |
CVE-2022-40152 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.19 |
CVE-2022-40151 | Twistlock CVE | High | com.thoughtworks.xstream_xstream-1.4.19 |
CVE-2022-25857 | Twistlock CVE | High | org.yaml_snakeyaml-1.27 |
CVE-2016-1000343 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000342 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000340 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000338 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000352 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000344 | Twistlock CVE | High | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-30.1-jre |
CVE-2023-34149 | Twistlock CVE | Medium | org.apache.struts_struts2-core-2.5.30 |
CVE-2022-41854 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38752 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38751 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38749 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2023-41080 | Twistlock CVE | Medium | tomcat-util-9.0.64 |
CVE-2022-34305 | Twistlock CVE | Medium | tomcat-util-9.0.64 |
CVE-2017-13098 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000345 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2016-1000341 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2022-38750 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2023-45648 | Twistlock CVE | Medium | tomcat-util-9.0.64 |
CVE-2023-42795 | Twistlock CVE | Medium | tomcat-util-9.0.64 |
CVE-2016-1000339 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2023-28708 | Twistlock CVE | Medium | tomcat-util-9.0.64 |
CVE-2016-1000346 | Twistlock CVE | Low | org.bouncycastle_bcprov-jdk15on-1.52 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-30.1-jre |
VAT: https://vat.dso.mil/vat/image?imageName=indrasoft/vauban&tag=1.0.2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=indrasoft/vauban&tag=1.0.2&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.