chore(findings): ortussolutions/commandbox-adobe2021
Summary
ortussolutions/commandbox-adobe2021 has 110 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2021-20190 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2021-20190 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2021-20190 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36189 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36189 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36189 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36189 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36188 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36188 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36188 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36188 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36187 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36187 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36187 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36187 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36186 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36186 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36186 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36186 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36185 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36185 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36185 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36185 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36184 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36184 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36184 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36184 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36183 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36183 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36183 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36183 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36182 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36182 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36182 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36182 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36181 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36181 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36181 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36181 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36180 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-36180 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36180 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36180 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36179 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-36179 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-36179 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-36179 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-24750 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2020-24750 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-24750 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-24750 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-24616 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.5.4 |
CVE-2020-24616 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.8.11.5 |
CVE-2020-24616 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.3.3 |
CVE-2020-24616 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.4.0 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-2.4.1 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.1.0 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.0.2 |
CVE-2017-9735 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2015-2156 | Twistlock CVE | High | io.netty_netty-3.5.8 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-20.0 |
GHSA-xfv3-rrfm-f2rv | Anchore CVE | High | netty-3.5.8.Final |
GHSA-f256-j965-7f32 | Anchore CVE | Medium | netty-3.5.8.Final |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.4.0 |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.3.3 |
GHSA-wm47-8v5p-wjpj | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-5mcr-gq6c-3hq2 | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-p2v9-g2qv-p635 | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-p2v9-g2qv-p635 | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-9vjp-v76f-g363 | Anchore CVE | High | netty-3.5.8.Final |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.0.2 |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.5.4 |
GHSA-grg4-wf29-r9vv | Anchore CVE | High | netty-3.5.8.Final |
GHSA-5mcr-gq6c-3hq2 | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-qw3f-w4pf-jh5f | Anchore CVE | Medium | tika-core-1.20 |
GHSA-wm47-8v5p-wjpj | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-2.4.1 |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.3.3 |
GHSA-wx5j-54mm-rqqq | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-grg4-wf29-r9vv | Anchore CVE | High | netty-3.5.8.Final |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.0.2 |
GHSA-wfcc-pff6-rgc5 | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
CVE-2021-40699 | Anchore CVE | High | wsconfig-development |
GHSA-qw3f-w4pf-jh5f | Anchore CVE | Medium | tika-core-1.21 |
GHSA-wfcc-pff6-rgc5 | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
GHSA-cqqj-4p63-rrmm | Anchore CVE | Critical | netty-3.5.8.Final |
GHSA-wx5j-54mm-rqqq | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.0.2 |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.1.0 |
CVE-2021-40698 | Anchore CVE | High | wsconfig-development |
GHSA-f256-j965-7f32 | Anchore CVE | Medium | netty-3.5.8.Final |
GHSA-xfv3-rrfm-f2rv | Anchore CVE | High | netty-3.5.8.Final |
GHSA-cqqj-4p63-rrmm | Anchore CVE | Critical | netty-3.5.8.Final |
CVE-2017-15095 | Anchore CVE | Critical | jackson-databind-2.3.3 |
GHSA-qw3f-w4pf-jh5f | Anchore CVE | Medium | tika-core-1.20 |
GHSA-9vjp-v76f-g363 | Anchore CVE | High | netty-3.5.8.Final |
GHSA-wfcc-pff6-rgc5 | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
GHSA-26vr-8j45-3r4w | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
CVE-2021-28165 | Anchore CVE | High | jetty-io-8.1.15.v20140411 |
CVE-2021-28165 | Anchore CVE | High | jetty-io-8.1.15.v20140411 |
CVE-2021-28165 | Anchore CVE | High | jetty-io-8.1.15.v20140411 |
GHSA-26vr-8j45-3r4w | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
GHSA-26vr-8j45-3r4w | Anchore CVE | High | jetty-server-8.1.15.v20140411 |
GHSA-pcf2-gh6g-h5r2 | Anchore CVE | Medium | antisamy-1.5.13 |
CVE-2021-28165 | Twistlock CVE | High | org.eclipse.jetty_jetty-server-8.1.15 |
CVE-2023-40743 | Twistlock CVE | Critical | axis-1.2.1 |
CVE-2023-44981 | Twistlock CVE | Critical | org.apache.zookeeper_zookeeper-3.4.10 |
CVE-2023-44487 | Twistlock CVE | High | io.netty_netty-3.5.8 |
CVE-2023-43643 | Twistlock CVE | Medium | org.owasp.antisamy_antisamy-1.5.13 |
CVE-2022-1259 | Twistlock CVE | High | io.undertow_undertow-core-2.2.24 |
VAT: https://vat.dso.mil/vat/image?imageName=ortussolutions/commandbox-adobe2021&tag=1.2.1&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=ortussolutions/commandbox-adobe2021&tag=1.2.0&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.