UNCLASSIFIED - NO CUI

chore(findings): security-compass/sd-elements/mod_wsgi

Summary

security-compass/sd-elements/mod_wsgi has 183 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.6 is EOL; please update the base image if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/mod_wsgi&tag=2025.3.8-9.6-001&branch=master

EPSS (Exploit Prediction Scoring System) estimates the probability (0 to 1) that a vulnerability will be exploited in the wild within the next 30 days. Scores are keyed by CVE ID, which is why GHSA-only and compliance findings show N/A.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, i.e. whether CISA has evidence of active exploitation.
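Each scanner reports the same ID once per sub-package (Twistlock and Anchore both, and Anchore once per RPM built from the same source), so the raw list below is much longer than the set of things that actually need a justification. The following is an added example, not part of the Iron Bank report or the VAT tooling: it parses rows in the whitespace-separated format used in the table below (fixed columns at both ends, free-text impact/workaround in the middle), collapses them to one entry per finding ID, and ranks KEV first, then severity, then EPSS. The embedded rows are a constructed subset copied from this issue; the function names are this example's own.

```python
"""Deduplicate and rank findings rows from an Iron Bank VAT chore issue.
Added example; not Iron Bank or VAT code."""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed input: rows copied from this issue's findings table (header omitted).
# Row layout: id source type severity package [impact] [workaround] epss_score kev
SAMPLE_ROWS = """\
CVE-2024-41996 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00690 false
CVE-2025-53020 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00315 false
CVE-2025-55753 Twistlock CVE High httpd-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-core-2.4.62-7.el9 0.00085 false
CVE-2025-66418 Twistlock CVE High urllib3-1.26.19 As of 20251212, we have received no reports of active exploitation in the wild. 0.00018 false
GHSA-gm62-xv2j-4w53 Anchore CVE High urllib3-1.26.19 N/A N/A
7f111fe3136012040dcd65f2dd8d55aa Anchore Compliance Low N/A N/A
"""

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass
class Finding:
    id: str
    source: str
    type: str
    severity: str
    package: str
    notes: str          # impact/workaround free text, usually empty
    epss: float | None  # None when the row says N/A (non-CVE IDs)
    kev: bool | None    # None when the row says N/A


def parse_row(line: str) -> Finding:
    """The free-text columns may contain spaces, so the fixed columns are read
    from both ends of the token list and whatever is left in between is notes."""
    tok = line.split()
    if len(tok) < 6:
        raise ValueError(f"malformed row: {line!r}")
    epss_raw, kev_raw = tok[-2], tok[-1]
    package = tok[4] if len(tok) >= 7 else ""  # compliance rows carry no package
    notes = " ".join(tok[5:-2])
    epss = None if epss_raw.upper() == "N/A" else float(epss_raw)
    kev = None if kev_raw.upper() == "N/A" else kev_raw.lower() == "true"
    return Finding(tok[0], tok[1], tok[2], tok[3], package, notes, epss, kev)


def parse_findings(text: str) -> list[Finding]:
    return [parse_row(line) for line in text.splitlines() if line.strip()]


@dataclass
class Summary:
    id: str
    type: str
    severity: str
    packages: set[str] = field(default_factory=set)
    sources: set[str] = field(default_factory=set)
    epss: float | None = None
    kev: bool = False
    notes: str = ""


def summarize(findings: list[Finding]) -> dict[str, Summary]:
    """Collapse one row per scanner per sub-package into one entry per finding ID."""
    out: dict[str, Summary] = {}
    for f in findings:
        s = out.setdefault(f.id, Summary(f.id, f.type, f.severity))
        if f.package:
            s.packages.add(f.package)
        s.sources.add(f.source)
        if f.epss is not None and (s.epss is None or f.epss > s.epss):
            s.epss = f.epss
        s.kev = s.kev or bool(f.kev)
        if f.notes and not s.notes:
            s.notes = f.notes
        # Scanners can disagree on severity; keep the highest one reported.
        if SEVERITY_RANK.get(f.severity.lower(), 0) > SEVERITY_RANK.get(s.severity.lower(), 0):
            s.severity = f.severity
    return out


def prioritize(summaries: dict[str, Summary]) -> list[Summary]:
    """KEV entries first, then severity, then EPSS; N/A EPSS sorts last within a severity."""
    return sorted(
        summaries.values(),
        key=lambda s: (s.kev, SEVERITY_RANK.get(s.severity.lower(), 0),
                       s.epss if s.epss is not None else -1.0),
        reverse=True,
    )


def triage_report(text: str) -> list[tuple[str, str, float | None, int]]:
    """(id, severity, max EPSS, number of affected packages) in priority order."""
    return [(s.id, s.severity, s.epss, len(s.packages))
            for s in prioritize(summarize(parse_findings(text)))]


if __name__ == "__main__":
    for row in triage_report(SAMPLE_ROWS):
        print(row)
```

Run against the full table in this issue, the 183 rows collapse to 60 distinct IDs, and nothing is in KEV, so the ordering is driven by severity and EPSS; the High httpd and urllib3 entries come out on top, and the binutils and elfutils Low findings, which are build-time tooling rather than anything the mod_wsgi process exposes, sink to the bottom where a single justification can cover each ID across all its sub-packages.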

id source type severity package impact workaround epss_score kev
CVE-2024-41996 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2025-53020 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium httpd-tools-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium mod_lua-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium httpd-devel-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium httpd-core-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium httpd-2.4.62-7.el9 0.00315 false
CVE-2025-53020 Anchore CVE Medium httpd-filesystem-2.4.62-7.el9 0.00315 false
CVE-2024-42516 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium httpd-filesystem-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium httpd-tools-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium httpd-core-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium httpd-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium httpd-devel-2.4.62-7.el9 0.00277 false
CVE-2024-42516 Anchore CVE Medium mod_lua-2.4.62-7.el9 0.00277 false
CVE-2024-43204 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium httpd-tools-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium httpd-core-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium httpd-devel-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium httpd-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium httpd-filesystem-2.4.62-7.el9 0.00211 false
CVE-2024-43204 Anchore CVE Medium mod_lua-2.4.62-7.el9 0.00211 false
CVE-2025-14087 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2025-14087 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2025-6069 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00163 false
CVE-2017-1000383 Twistlock CVE Low emacs-1:27.2-18.el9 0.00142 false
CVE-2025-65082 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium httpd-core-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium httpd-devel-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium mod_lua-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium httpd-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium httpd-filesystem-2.4.62-7.el9 0.00128 false
CVE-2025-65082 Anchore CVE Medium httpd-tools-2.4.62-7.el9 0.00128 false
CVE-2024-13176 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00123 false
CVE-2025-8291 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00113 false
CVE-2023-47038 Twistlock CVE Medium perl-0:5.32.1-481.1.el9_6 0.00090 false
CVE-2025-55753 Twistlock CVE High httpd-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-devel-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High mod_lua-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-filesystem-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-tools-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-2.4.62-7.el9 0.00085 false
CVE-2025-55753 Anchore CVE High httpd-core-2.4.62-7.el9 0.00085 false
CVE-2025-58098 Twistlock CVE High httpd-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High httpd-core-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High httpd-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High mod_lua-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High httpd-tools-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High httpd-devel-2.4.62-7.el9 0.00077 false
CVE-2025-58098 Anchore CVE High httpd-filesystem-2.4.62-7.el9 0.00077 false
CVE-2025-13836 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00066 false
CVE-2025-1377 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00064 false
CVE-2025-1376 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00064 false
CVE-2025-66019 Twistlock CVE Medium pypdf-6.3.0 0.00060 false
CVE-2025-11731 Twistlock CVE Low libxslt-1.1.34-13.el9_6 0.00057 false
CVE-2025-11731 Anchore CVE Low libxslt-1.1.34-13.el9_6 0.00057 false
CVE-2025-1371 Anchore CVE Low elfutils-debuginfod-client-0.193-1.el9 0.00052 false
CVE-2025-64460 Twistlock CVE Low django-4.2.26 0.00049 false
CVE-2025-66293 Twistlock CVE High libpng-2:1.6.37-12.el9 0.00046 false
CVE-2025-66293 Anchore CVE High libpng-2:1.6.37-12.el9 0.00046 false
CVE-2025-66200 Twistlock CVE Medium httpd-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium httpd-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium httpd-tools-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium httpd-filesystem-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium httpd-devel-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium httpd-core-2.4.62-7.el9 0.00042 false
CVE-2025-66200 Anchore CVE Medium mod_lua-2.4.62-7.el9 0.00042 false
CVE-2025-14512 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-14512 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-64720 Twistlock CVE High libpng-2:1.6.37-12.el9 0.00033 false
CVE-2025-64720 Anchore CVE High libpng-2:1.6.37-12.el9 0.00033 false
CVE-2025-9232 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-11081 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00027 false
CVE-2025-11081 Anchore CVE Medium binutils-2.35.2-67.el9 0.00027 false
CVE-2025-11081 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00027 false
CVE-2025-11083 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00026 false
CVE-2025-11083 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00026 false
CVE-2025-11083 Anchore CVE Medium binutils-2.35.2-67.el9 0.00026 false
CVE-2025-4516 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00023 false
CVE-2025-11840 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11840 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11840 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11495 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11494 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11414 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11413 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Twistlock CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Anchore CVE Low binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11412 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Twistlock CVE Medium binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Anchore CVE Medium binutils-2.35.2-67.el9 0.00023 false
CVE-2025-11082 Anchore CVE Medium binutils-gold-2.35.2-67.el9 0.00023 false
CVE-2025-6176 Twistlock CVE High brotli-1.0.9-7.el9_5 0.00020 false
CVE-2025-6176 Anchore CVE High libbrotli-1.0.9-7.el9_5 0.00020 false
CVE-2025-66471 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to stream compressed content from untrusted sources. 0.00018 false
CVE-2025-66471 Twistlock CVE High urllib3-1.26.19 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to stream compressed content from untrusted sources. 0.00018 false
CVE-2025-66418 Twistlock CVE High urllib3-1.26.19 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to make requests to untrusted sources. Use preload_content=False and ensure that resp.headers['content-encoding'] contains a safe number of encodings before reading the response content. 0.00018 false
CVE-2025-66418 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to make requests to untrusted sources. Use preload_content=False and ensure that resp.headers['content-encoding'] contains a safe number of encodings before reading the response content. 0.00018 false
CVE-2025-65018 Twistlock CVE High libpng-2:1.6.37-12.el9 0.00018 false
CVE-2025-65018 Anchore CVE High libpng-2:1.6.37-12.el9 0.00018 false
CVE-2025-13837 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00018 false
CVE-2025-66382 Twistlock CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-66382 Anchore CVE Low expat-devel-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-66382 Anchore CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-6075 Twistlock CVE Low python3.12-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-libs-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-devel-3.12.11-2.el9 0.00017 false
CVE-2025-10911 Twistlock CVE Medium libxslt-1.1.34-13.el9_6 0.00016 false
CVE-2025-10911 Anchore CVE Medium libxslt-1.1.34-13.el9_6 0.00016 false
CVE-2025-13601 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-13601 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-14104 Twistlock CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libfdisk-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libsmartcols-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-core-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libuuid-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libmount-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libblkid-2.37.4-21.el9 0.00014 false
CVE-2025-11839 Twistlock CVE Low binutils-2.35.2-67.el9 0.00014 false
CVE-2025-11839 Anchore CVE Low binutils-gold-2.35.2-67.el9 0.00014 false
CVE-2025-11839 Anchore CVE Low binutils-2.35.2-67.el9 0.00014 false
CVE-2025-64506 Twistlock CVE Medium libpng-2:1.6.37-12.el9 0.00012 false
CVE-2025-64506 Anchore CVE Medium libpng-2:1.6.37-12.el9 0.00012 false
CVE-2025-64505 Twistlock CVE Medium libpng-2:1.6.37-12.el9 0.00012 false
CVE-2025-64505 Anchore CVE Medium libpng-2:1.6.37-12.el9 0.00012 false
CVE-2025-61985 Twistlock CVE Medium openssh-8.7p1-46.el9 0.00011 false
CVE-2025-61985 Anchore CVE Medium openssh-8.7p1-46.el9 0.00011 false
CVE-2025-61985 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00011 false
CVE-2025-48386 Twistlock CVE Medium git-2.47.3-1.el9_6 0.00011 false
CVE-2025-48386 Anchore CVE Medium git-core-2.47.3-1.el9_6 0.00011 false
CVE-2025-48386 Anchore CVE Medium perl-Git-2.47.3-1.el9_6 0.00011 false
CVE-2025-48386 Anchore CVE Medium git-2.47.3-1.el9_6 0.00011 false
CVE-2025-48386 Anchore CVE Medium git-core-doc-2.47.3-1.el9_6 0.00011 false
CVE-2025-23050 Twistlock CVE Low qt5-5.15.9-1.el9 0.00011 false
CVE-2025-23050 Anchore CVE Low qt5-srpm-macros-5.15.9-1.el9 0.00011 false
CVE-2025-40909 Twistlock CVE Medium perl-0:5.32.1-481.1.el9_6 0.00009 false
CVE-2025-13372 Twistlock CVE Low django-4.2.26 0.00008 false
CVE-2025-61984 Twistlock CVE Medium openssh-8.7p1-46.el9 0.00006 false
CVE-2025-61984 Anchore CVE Medium openssh-8.7p1-46.el9 0.00006 false
CVE-2025-61984 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00006 false
GHSA-vrcr-9hj9-jcg6 Anchore CVE Medium django-4.2.26 N/A N/A
GHSA-rqw2-ghq9-44m7 Anchore CVE Medium django-4.2.26 N/A N/A
GHSA-m449-cwjh-6pw7 Anchore CVE Medium pypdf-6.3.0 N/A N/A
GHSA-gm62-xv2j-4w53 Anchore CVE High urllib3-1.26.19 N/A N/A
GHSA-2xpw-w6gg-jr37 Anchore CVE High urllib3-1.26.19 N/A N/A
7f111fe3136012040dcd65f2dd8d55aa Anchore Compliance Low N/A N/A
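The workaround quoted in the CVE-2025-66418 rows above (request with preload_content=False, check how many codings resp.headers['content-encoding'] carries, and only then read the body) is the one finding in this list that a Django application running under this mod_wsgi image can mitigate in its own code until urllib3 is upgraded, since the exposure is outbound requests to URLs the service does not control. The following added example, not urllib3's own code, shows that check as a reusable guard. MAX_ENCODINGS and the function names are this example's choices; the header mappings at the bottom are constructed inputs.

```python
"""Bound the Content-Encoding chain before decoding a urllib3 response body.
Added example; not urllib3's own code. MAX_ENCODINGS and the function names
are this example's choices."""
from __future__ import annotations

from typing import Mapping

# Example ceiling, not a urllib3 setting: legitimate servers stack at most one
# or two codings (e.g. "gzip" or "br, gzip"); longer chains are treated as hostile.
MAX_ENCODINGS = 2


def parse_content_encoding(value: str) -> list[str]:
    """'gzip, br' -> ['gzip', 'br']; blanks and the no-op 'identity' are dropped."""
    codings = (c.strip().lower() for c in value.split(","))
    return [c for c in codings if c and c != "identity"]


def encoding_chain(headers: Mapping[str, str]) -> list[str]:
    """Collect every coding from Content-Encoding, case-insensitively, so a plain
    dict and urllib3's HTTPHeaderDict (which may yield the header more than once)
    are both handled."""
    chain: list[str] = []
    for name, value in headers.items():
        if name.lower() == "content-encoding":
            chain.extend(parse_content_encoding(value))
    return chain


def encoding_chain_is_safe(headers: Mapping[str, str],
                           max_encodings: int = MAX_ENCODINGS) -> bool:
    return len(encoding_chain(headers)) <= max_encodings


def fetch_guarded(url: str, max_encodings: int = MAX_ENCODINGS,
                  timeout: float = 10.0) -> bytes:
    """GET url with preload_content=False, inspect the headers, and only then read
    (and decode) the body. Makes a network call; not exercised by the offline checks."""
    import urllib3  # imported lazily so the header checks above run without it

    http = urllib3.PoolManager()
    resp = http.request("GET", url, preload_content=False, timeout=timeout)
    if not encoding_chain_is_safe(resp.headers, max_encodings):
        resp.close()  # drop the connection rather than drain a possibly huge body
        raise ValueError(f"refusing {url}: Content-Encoding chain "
                         f"{encoding_chain(resp.headers)} exceeds {max_encodings}")
    try:
        return resp.read()  # decode_content defaults to True: decoding happens here, after the check
    finally:
        resp.release_conn()


if __name__ == "__main__":
    # Constructed header sets: a normal response and a stacked-encoding response.
    for hdrs in ({"Content-Encoding": "gzip"},
                 {"Content-Encoding": "gzip, gzip, gzip, gzip"}):
        print(hdrs, "safe" if encoding_chain_is_safe(hdrs) else "REJECT")
```

The guard only limits how many decompression layers urllib3 will unwrap; it does not cap the decompressed size, so it belongs alongside an allow-list of hosts the application is permitted to call and a response-size limit at the reading layer. It is a stop-gap for the urllib3 rows in this issue, not a substitute for the upgrade.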

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/mod_wsgi&tag=2025.3.8-9.6-001&branch=master

Tasks

Contributor:

  • Apply the Status::Review label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the Status::Verification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.

Edited by CHORE_TOKEN