UNCLASSIFIED - NO CUI

chore(findings): security-compass/sd-elements/mod_wsgi

Summary

security-compass/sd-elements/mod_wsgi has 130 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/mod_wsgi&tag=2025.2.0-9.6-001&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2025-53020 Twistlock CVE Medium httpd-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00546 false
CVE-2025-53020 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00546 false
CVE-2024-42516 Twistlock CVE Medium httpd-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00443 false
CVE-2024-42516 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00443 false
CVE-2025-49630 Twistlock CVE Medium httpd-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium mod_http2-2.0.26-4.el9_6.1 0.00416 false
CVE-2025-49630 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00416 false
CVE-2025-49630 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00416 false
CVE-2024-43204 Twistlock CVE Medium httpd-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00277 false
CVE-2024-43204 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00277 false
CVE-2022-0529 Twistlock CVE Low unzip-6.0-58.el9_5 0.00242 false
CVE-2022-0529 Anchore CVE Low unzip-6.0-58.el9_5 0.00242 false
CVE-2025-1153 Twistlock CVE Low binutils-2.35.2-63.el9 0.00185 false
CVE-2025-1153 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00185 false
CVE-2025-1153 Anchore CVE Low binutils-2.35.2-63.el9 0.00185 false
CVE-2021-4217 Twistlock CVE Low unzip-6.0-58.el9_5 0.00148 false
CVE-2021-4217 Anchore CVE Low unzip-6.0-58.el9_5 0.00148 false
CVE-2023-40403 Twistlock CVE Medium libxslt-1.1.34-13.el9_6 0.00137 false
CVE-2023-40403 Anchore CVE Medium libxslt-1.1.34-13.el9_6 0.00137 false
CVE-2022-0530 Twistlock CVE Low unzip-6.0-58.el9_5 0.00120 false
CVE-2022-0530 Anchore CVE Low unzip-6.0-58.el9_5 0.00120 false
CVE-2024-47252 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00100 false
CVE-2024-47252 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00100 false
CVE-2024-47252 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00100 false
CVE-2024-47252 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00100 false
CVE-2024-47252 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00100 false
CVE-2024-47252 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00100 false
CVE-2025-8194 Anchore CVE Medium python3.12-devel-3.12.9-1.el9_6.2 0.00096 false
CVE-2025-8194 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00096 false
CVE-2025-8194 Anchore CVE Medium python3.12-libs-3.12.9-1.el9_6.2 0.00096 false
CVE-2025-6069 Twistlock CVE Medium python3.12-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-6069 Anchore CVE Medium python3.12-libs-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-6069 Anchore CVE Medium python3.12-devel-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-6069 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-49812 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-49812 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-49812 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-49812 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-49812 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-49812 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00083 false
CVE-2025-1152 Twistlock CVE Low binutils-2.35.2-63.el9 0.00081 false
CVE-2025-1152 Anchore CVE Low binutils-2.35.2-63.el9 0.00081 false
CVE-2025-1152 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00081 false
CVE-2025-1150 Twistlock CVE Low binutils-2.35.2-63.el9 0.00081 false
CVE-2025-1150 Anchore CVE Low binutils-2.35.2-63.el9 0.00081 false
CVE-2025-1150 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00081 false
CVE-2025-23048 Anchore CVE Medium httpd-tools-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-23048 Anchore CVE Medium httpd-filesystem-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-23048 Anchore CVE Medium httpd-core-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-23048 Anchore CVE Medium mod_lua-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-23048 Anchore CVE Medium httpd-devel-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-23048 Anchore CVE Medium httpd-2.4.62-4.el9_6.4 0.00077 false
CVE-2025-1151 Twistlock CVE Low binutils-2.35.2-63.el9 0.00075 false
CVE-2025-1151 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00075 false
CVE-2025-1151 Anchore CVE Low binutils-2.35.2-63.el9 0.00075 false
CVE-2025-1377 Anchore CVE Low elfutils-debuginfod-client-0.192-6.el9_6 0.00065 false
CVE-2025-5683 Twistlock CVE Medium qt5-5.15.9-1.el9 0.00063 false
CVE-2025-5683 Anchore CVE Medium qt5-srpm-macros-5.15.9-1.el9 0.00063 false
CVE-2025-55197 Twistlock CVE Medium pypdf-5.6.1 0.00057 false
CVE-2023-50495 Anchore CVE Low ncurses-6.2-10.20210508.el9_6.2 0.00050 false
CVE-2025-1376 Anchore CVE Low elfutils-debuginfod-client-0.192-6.el9_6 0.00048 false
CVE-2022-27943 Anchore CVE Low cpp-11.5.0-5.el9_5 0.00044 false
CVE-2022-27943 Anchore CVE Low gcc-plugin-annobin-11.5.0-5.el9_5 0.00044 false
CVE-2022-27943 Anchore CVE Low gcc-11.5.0-5.el9_5 0.00044 false
CVE-2025-50817 Twistlock CVE High future-1.0.0 0.00036 false
CVE-2024-8244 Twistlock CVE Medium go-rpm-macros-3.6.0-10.el9_6 0.00036 false
CVE-2024-8244 Anchore CVE Medium go-srpm-macros-3.6.0-10.el9_6 0.00036 false
CVE-2025-32728 Twistlock CVE Medium openssh-8.7p1-45.el9 0.00033 false
CVE-2025-32728 Anchore CVE Medium openssh-8.7p1-45.el9 0.00033 false
CVE-2025-32728 Anchore CVE Medium openssh-clients-8.7p1-45.el9 0.00033 false
CVE-2025-1371 Anchore CVE Low elfutils-debuginfod-client-0.192-6.el9_6 0.00029 false
CVE-2024-57360 Twistlock CVE Low binutils-2.35.2-63.el9 0.00024 false
CVE-2024-57360 Anchore CVE Low binutils-2.35.2-63.el9 0.00024 false
CVE-2024-57360 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00024 false
CVE-2025-5245 Twistlock CVE Medium binutils-2.35.2-63.el9 0.00022 false
CVE-2025-5245 Anchore CVE Medium binutils-2.35.2-63.el9 0.00022 false
CVE-2025-5245 Anchore CVE Medium binutils-gold-2.35.2-63.el9 0.00022 false
CVE-2025-4516 Twistlock CVE Medium python3.12-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.12-libs-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.12-devel-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-7546 Twistlock CVE Medium binutils-2.35.2-63.el9 0.00015 false
CVE-2025-7546 Anchore CVE Medium binutils-2.35.2-63.el9 0.00015 false
CVE-2025-7546 Anchore CVE Medium binutils-gold-2.35.2-63.el9 0.00015 false
CVE-2025-50181 Twistlock CVE Medium urllib3-1.26.19 Most users don't disable redirects on the PoolManager. Set redirects=False/redirects=0 on the .request call instead of on the top-level urllib3.PoolManager 0.00015 false
CVE-2025-50181 Twistlock CVE Medium python3.12-pip-23.2.1-4.el9 0.00015 false
CVE-2025-50181 Anchore CVE Medium python3.12-pip-wheel-23.2.1-4.el9 0.00015 false
CVE-2025-48386 Twistlock CVE Medium git-2.47.3-1.el9_6 0.00015 false
CVE-2025-48386 Anchore CVE Medium git-2.47.3-1.el9_6 0.00015 false
CVE-2025-48386 Anchore CVE Medium git-core-doc-2.47.3-1.el9_6 0.00015 false
CVE-2025-48386 Anchore CVE Medium perl-Git-2.47.3-1.el9_6 0.00015 false
CVE-2025-48386 Anchore CVE Medium git-core-2.47.3-1.el9_6 0.00015 false
CVE-2025-7545 Twistlock CVE Medium binutils-2.35.2-63.el9 0.00014 false
CVE-2025-7545 Anchore CVE Medium binutils-2.35.2-63.el9 0.00014 false
CVE-2025-7545 Anchore CVE Medium binutils-gold-2.35.2-63.el9 0.00014 false
CVE-2024-25260 Anchore CVE Low elfutils-debuginfod-client-0.192-6.el9_6 0.00014 false
CVE-2025-50182 Twistlock CVE Medium python3.12-pip-23.2.1-4.el9 0.00013 false
CVE-2025-50182 Anchore CVE Medium python3.12-pip-wheel-23.2.1-4.el9 0.00013 false
CVE-2025-3198 Twistlock CVE Low binutils-2.35.2-63.el9 0.00011 false
CVE-2025-3198 Anchore CVE Low binutils-gold-2.35.2-63.el9 0.00011 false
CVE-2025-3198 Anchore CVE Low binutils-2.35.2-63.el9 0.00011 false
CVE-2023-2004 Anchore CVE Low freetype-2.10.4-10.el9_5 N/A false
ee3a1c5f611af9d4c6f79147349210b6 Anchore Compliance Critical N/A N/A
df32645b9acad3fe0d3920389d23d01b Anchore Compliance Critical N/A N/A
GHSA-xqrq-4mgf-ff32 Anchore CVE High future-1.0.0 N/A N/A
GHSA-pq67-6m6q-mj2v Anchore CVE Medium urllib3-1.26.19 N/A N/A
GHSA-7hfw-26vp-jp8m Anchore CVE Medium pypdf-5.6.1 N/A N/A
607b382e0bba51092d261fa3e11c14d2 Anchore Compliance Critical N/A N/A
4bcc669702c43c8ad3258a553fee7d9f Anchore Compliance Low N/A N/A
371eadb236c73fef0ebe6719081756c4 Anchore Compliance Critical N/A N/A
29a8e6b102edb6e69f1e5f731e20aa01 Anchore Compliance Critical N/A N/A

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the Status::Verification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN