UNCLASSIFIED - NO CUI

Skip to content

chore(findings): phylum/api

Summary

phylum/api has 162 new findings discovered during continuous monitoring.

id source severity package
e07d84b039b0e6fcea42fbda1d378647 Anchore Compliance Critical
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
b18c88ddeab24abfb92ae2ccddb0b022 Anchore Compliance Critical
CVE-2023-2953 Anchore CVE Low openldap-2.6.6-3.el9
CVE-2023-7008 Anchore CVE Medium systemd-pam-252-32.el9_4
CVE-2024-33601 Anchore CVE Low glibc-common-2.34-100.el9
CVE-2024-33599 Anchore CVE High glibc-langpack-en-2.34-100.el9
CVE-2024-33601 Anchore CVE Low glibc-langpack-en-2.34-100.el9
CVE-2024-2398 Anchore CVE Medium libcurl-minimal-7.76.1-29.el9_4
CVE-2021-3997 Anchore CVE Medium systemd-rpm-macros-252-32.el9_4
CVE-2022-47007 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2024-2511 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2023-3446 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-0450 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2024-33600 Anchore CVE Medium glibc-langpack-en-2.34-100.el9
CVE-2022-0391 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2023-2222 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2023-6597 Anchore CVE High python3-libs-3.9.18-3.el9
CVE-2024-22365 Anchore CVE Medium pam-1.5.1-19.el9
CVE-2024-0727 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-2961 Anchore CVE High glibc-common-2.34-100.el9
CVE-2024-33599 Anchore CVE High glibc-minimal-langpack-2.34-100.el9
CVE-2024-2961 Anchore CVE High glibc-langpack-en-2.34-100.el9
CVE-2021-3997 Anchore CVE Medium systemd-libs-252-32.el9_4
CVE-2023-3446 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-33599 Anchore CVE High glibc-2.34-100.el9
CVE-2021-3997 Anchore CVE Medium systemd-pam-252-32.el9_4
CVE-2022-47011 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-14.el9
CVE-2023-6597 Anchore CVE High python3-3.9.18-3.el9
CVE-2022-0391 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2024-33599 Anchore CVE High glibc-common-2.34-100.el9
CVE-2024-33601 Anchore CVE Low glibc-2.34-100.el9
CVE-2023-7008 Anchore CVE Medium systemd-libs-252-32.el9_4
CVE-2023-3817 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2023-7008 Anchore CVE Medium systemd-rpm-macros-252-32.el9_4
CVE-2021-3572 Anchore CVE Low python3-pip-wheel-21.2.3-8.el9
CVE-2023-3817 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2023-7008 Anchore CVE Medium systemd-252-32.el9_4
CVE-2023-6237 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-33602 Anchore CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2023-2975 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-33600 Anchore CVE Medium glibc-minimal-langpack-2.34-100.el9
CVE-2024-0450 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2024-0727 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-2961 Anchore CVE High glibc-2.34-100.el9
CVE-2023-6129 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2021-3997 Anchore CVE Medium systemd-252-32.el9_4
CVE-2024-33600 Anchore CVE Medium glibc-2.34-100.el9
CVE-2024-2511 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2021-23336 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2023-2975 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-2398 Anchore CVE Medium curl-minimal-7.76.1-29.el9_4
CVE-2024-33602 Anchore CVE Low glibc-common-2.34-100.el9
CVE-2023-5678 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2023-6237 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-33600 Anchore CVE Medium glibc-common-2.34-100.el9
CVE-2024-33602 Anchore CVE Low glibc-langpack-en-2.34-100.el9
CVE-2024-2961 Anchore CVE High glibc-minimal-langpack-2.34-100.el9
CVE-2022-48554 Anchore CVE Low file-libs-5.39-16.el9
CVE-2021-23336 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2022-47010 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2023-6129 Anchore CVE Low openssl-libs-1:3.0.7-27.el9
CVE-2024-33602 Anchore CVE Low glibc-2.34-100.el9
CVE-2024-33601 Anchore CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2023-5678 Anchore CVE Low openssl-1:3.0.7-27.el9
CVE-2024-25260 Anchore CVE Low elfutils-libelf-0.190-2.el9
CVE-2020-12413 Anchore CVE Low nss-sysinit-3.90.0-7.el9_4
CVE-2023-50495 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2022-3219 Anchore CVE Low gnupg2-2.3.3-4.el9
CVE-2022-27943 Anchore CVE Low libgcc-11.4.1-3.el9
CVE-2023-39804 Anchore CVE Low tar-2:1.34-6.el9_1
CVE-2022-33070 Anchore CVE Low protobuf-c-1.3.3-13.el9
CVE-2024-25260 Anchore CVE Low elfutils-default-yama-scope-0.190-2.el9
CVE-2021-45941 Anchore CVE Medium libbpf-2:1.3.0-2.el9
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-5.el9_3
CVE-2023-50495 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.34.1-7.el9_3
CVE-2022-41409 Anchore CVE Low pcre2-10.40-5.el9
CVE-2022-29458 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2024-25260 Anchore CVE Low elfutils-libs-0.190-2.el9
CVE-2022-4899 Anchore CVE Low libzstd-1.5.1-2.el9
CVE-2022-41409 Anchore CVE Low pcre2-syntax-10.40-5.el9
CVE-2021-45940 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2022-3606 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2020-12413 Anchore CVE Low nss-softokn-freebl-3.90.0-7.el9_4
CVE-2022-27943 Anchore CVE Low libgomp-11.4.1-3.el9
CVE-2020-12413 Anchore CVE Low nss-softokn-3.90.0-7.el9_4
CVE-2020-12413 Anchore CVE Low nss-util-3.90.0-7.el9_4
CVE-2020-12413 Anchore CVE Low nss-3.90.0-7.el9_4
CVE-2023-30571 Anchore CVE Medium libarchive-3.5.3-4.el9
CVE-2023-36632 Anchore CVE Medium python3-libs-3.9.18-3.el9
CVE-2022-27943 Anchore CVE Low libstdc++-11.4.1-3.el9
CVE-2023-36191 Anchore CVE Low sqlite-libs-3.34.1-7.el9_3
CVE-2020-12413 Anchore CVE Low nspr-4.35.0-7.el9_4
CVE-2023-4156 Anchore CVE Low gawk-5.1.0-6.el9
CVE-2023-36632 Anchore CVE Medium python3-3.9.18-3.el9
CVE-2005-2541 Anchore CVE Medium tar-2:1.34-6.el9_1
CVE-2022-29458 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CCE-83634-6 OSCAP Compliance Medium
CVE-2024-2961 Twistlock CVE Critical glibc-common-2.34-100.el9
CVE-2024-2961 Twistlock CVE Critical glibc-minimal-langpack-2.34-100.el9
CVE-2024-2961 Twistlock CVE Critical glibc-2.34-100.el9
CVE-2024-2961 Twistlock CVE Critical glibc-langpack-en-2.34-100.el9
CVE-2023-6597 Twistlock CVE Critical python3-3.9.18-3.el9
CVE-2023-6597 Twistlock CVE Critical python3-libs-3.9.18-3.el9
CVE-2024-33599 Twistlock CVE Critical glibc-common-2.34-100.el9
CVE-2024-33599 Twistlock CVE Critical glibc-langpack-en-2.34-100.el9
CVE-2024-33599 Twistlock CVE Critical glibc-2.34-100.el9
CVE-2024-33599 Twistlock CVE Critical glibc-minimal-langpack-2.34-100.el9
CVE-2024-2398 Twistlock CVE Medium libcurl-minimal-7.76.1-29.el9_4
CVE-2024-2398 Twistlock CVE Medium curl-minimal-7.76.1-29.el9_4
CVE-2023-36632 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2023-36632 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2024-0450 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2024-0450 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2021-23336 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2021-23336 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2021-3997 Twistlock CVE Medium systemd-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-libs-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-rpm-macros-252-32.el9_4
CVE-2021-3997 Twistlock CVE Medium systemd-pam-252-32.el9_4
CVE-2024-33600 Twistlock CVE Medium glibc-common-2.34-100.el9
CVE-2024-33600 Twistlock CVE Medium glibc-langpack-en-2.34-100.el9
CVE-2024-33600 Twistlock CVE Medium glibc-2.34-100.el9
CVE-2024-33600 Twistlock CVE Medium glibc-minimal-langpack-2.34-100.el9
CVE-2022-0391 Twistlock CVE Medium python3-3.9.18-3.el9
CVE-2022-0391 Twistlock CVE Medium python3-libs-3.9.18-3.el9
CVE-2021-45941 Twistlock CVE Medium libbpf-1.3.0-2.el9
CVE-2021-45940 Twistlock CVE Medium libbpf-1.3.0-2.el9
CVE-2023-45803 Twistlock CVE Medium python3-pip-wheel-21.2.3-8.el9
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-3.2.2-2.el9
CVE-2023-2953 Twistlock CVE Low openldap-2.6.6-3.el9
CVE-2020-12413 Twistlock CVE Low nss-sysinit-3.90.0-7.el9_4
CVE-2020-12413 Twistlock CVE Low nspr-4.35.0-7.el9_4
CVE-2020-12413 Twistlock CVE Low nss-softokn-3.90.0-7.el9_4
CVE-2020-12413 Twistlock CVE Low nss-util-3.90.0-7.el9_4
CVE-2020-12413 Twistlock CVE Low nss-softokn-freebl-3.90.0-7.el9_4
CVE-2020-12413 Twistlock CVE Low nss-3.90.0-7.el9_4
CVE-2022-47011 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47010 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47007 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-27943 Twistlock CVE Low libstdc++-11.4.1-3.el9
CVE-2022-27943 Twistlock CVE Low libgomp-11.4.1-3.el9
CVE-2022-27943 Twistlock CVE Low libgcc-11.4.1-3.el9
CVE-2022-41409 Twistlock CVE Low pcre2-10.40-5.el9
CVE-2022-41409 Twistlock CVE Low pcre2-syntax-10.40-5.el9
CVE-2021-3572 Twistlock CVE Low python3-pip-wheel-21.2.3-8.el9
CVE-2022-3606 Twistlock CVE Low libbpf-1.3.0-2.el9
CVE-2024-33602 Twistlock CVE Low glibc-2.34-100.el9
CVE-2024-33602 Twistlock CVE Low glibc-langpack-en-2.34-100.el9
CVE-2024-33602 Twistlock CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2024-33602 Twistlock CVE Low glibc-common-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-common-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-langpack-en-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-minimal-langpack-2.34-100.el9
CVE-2024-33601 Twistlock CVE Low glibc-2.34-100.el9
CVE-2024-25260 Twistlock CVE Low elfutils-libs-0.190-2.el9
CVE-2024-25260 Twistlock CVE Low elfutils-libelf-0.190-2.el9
CVE-2024-25260 Twistlock CVE Low elfutils-default-yama-scope-0.190-2.el9
CVE-2024-2511 Twistlock CVE Low openssl-3.0.7-27.el9
CVE-2024-2511 Twistlock CVE Low openssl-libs-3.0.7-27.el9

VAT: https://vat.dso.mil/vat/image?imageName=phylum/api&tag=1.30.1&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=phylum/api&tag=1.30.1&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI