UNCLASSIFIED - NO CUI

Skip to content

chore(findings): soacloud/custom-artemis-init

Summary

soacloud/custom-artemis-init has 70 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=soacloud/custom-artemis-init&tag=0.1.2&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2023-6787 Twistlock CVE High org.keycloak_keycloak-core-18.0.2 0.00423 false
CVE-2025-48924 Twistlock CVE Medium org.apache.commons_commons-lang3-3.14.0 0.00258 false
CVE-2020-36023 Twistlock CVE Medium poppler-21.01.0-21.el9 0.00232 false
CVE-2025-27427 Twistlock CVE Medium org.apache.activemq_artemis-jms-client-2.33.0 0.00120 false
CVE-2020-36024 Twistlock CVE Medium poppler-21.01.0-21.el9 0.00119 false
CVE-2025-6069 Twistlock CVE Medium python3.12-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-6069 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-6069 Anchore CVE Medium python3.12-libs-3.12.9-1.el9_6.2 0.00090 false
CVE-2025-52194 Anchore CVE Medium libsndfile-1.0.31-9.el9 0.00083 false
CVE-2025-52194 Twistlock CVE Medium libsndfile-1.0.31-9.el9 0.00083 false
CVE-2025-52999 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.14.2 0.00072 false
CVE-2025-47808 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00063 false
CVE-2025-47808 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00063 false
CVE-2025-8916 Twistlock CVE Medium org.bouncycastle_bcpkix-jdk15on-1.70.00.0 0.00055 false
CVE-2025-8916 Twistlock CVE Medium org.bouncycastle_bcpkix-jdk18on-1.77.00.0 0.00055 false
CVE-2025-8885 Twistlock CVE Medium org.bouncycastle_bcprov-jdk18on-1.77.00.0 0.00055 false
CVE-2025-47806 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00053 false
CVE-2025-47806 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00053 false
CVE-2025-58056 Twistlock CVE Low io.netty_netty-codec-http-4.1.107.Final 0.00050 false
CVE-2025-27391 Twistlock CVE Medium org.apache.activemq_artemis-jms-client-2.33.0 0.00043 false
CVE-2025-58057 Twistlock CVE Medium io.netty_netty-codec-4.1.107.Final 0.00042 false
CVE-2025-9901 Twistlock CVE Medium libsoup-2.72.0-10.el9_6.2 0.00038 false
CVE-2025-9901 Anchore CVE Medium libsoup-2.72.0-10.el9_6.2 0.00038 false
CVE-2025-50952 Twistlock CVE Medium openjpeg2-2.4.0-8.el9 0.00038 false
CVE-2025-50952 Anchore CVE Medium openjpeg2-2.4.0-8.el9 0.00038 false
CVE-2025-43228 Twistlock CVE Medium webkit2gtk3-2.48.5-1.el9_6 0.00027 false
CVE-2025-43228 Anchore CVE Medium webkit2gtk3-jsc-2.48.5-1.el9_6 0.00027 false
CVE-2025-52886 Twistlock CVE Medium poppler-21.01.0-21.el9 0.00021 false
CVE-2025-52886 Twistlock CVE Medium poppler-data-0.4.9-9.el9 0.00021 false
CVE-2025-52886 Anchore CVE Medium poppler-glib-21.01.0-21.el9 0.00021 false
CVE-2025-52886 Anchore CVE Medium poppler-21.01.0-21.el9 0.00021 false
CVE-2025-52886 Anchore CVE Medium poppler-data-0.4.9-9.el9 0.00021 false
CVE-2025-4516 Twistlock CVE Medium python3.12-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.12-libs-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00021 false
CVE-2025-54080 Anchore CVE Low exiv2-0.27.5-2.el9 0.00019 false
CVE-2025-54080 Anchore CVE Low exiv2-libs-0.27.5-2.el9 0.00019 false
CVE-2025-54080 Twistlock CVE Low exiv2-0.27.5-2.el9 0.00019 false
CVE-2025-50422 Anchore CVE Low poppler-21.01.0-21.el9 0.00018 false
CVE-2025-50422 Anchore CVE Low poppler-glib-21.01.0-21.el9 0.00018 false
CVE-2025-50422 Twistlock CVE Low poppler-21.01.0-21.el9 0.00018 false
CVE-2025-8961 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8961 Anchore CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8177 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8177 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8176 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8176 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2024-13978 Anchore CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2024-13978 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-47807 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00015 false
CVE-2025-47807 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00015 false
CVE-2025-9165 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-9165 Anchore CVE Low libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-8851 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-8851 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-55304 Anchore CVE Low exiv2-libs-0.27.5-2.el9 0.00011 false
CVE-2025-55304 Anchore CVE Low exiv2-0.27.5-2.el9 0.00011 false
CVE-2025-55304 Twistlock CVE Low exiv2-0.27.5-2.el9 0.00011 false
CVE-2025-8197 Anchore CVE Medium libsoup-2.72.0-10.el9_6.2 N/A false
GHSA-j288-q9x7-2f5v Anchore CVE Medium commons-lang3-3.14.0 N/A N/A
GHSA-j288-q9x7-2f5v Anchore CVE Medium commons-lang3-3.14.0 N/A N/A
GHSA-h46c-h94j-95f3 Anchore CVE High jackson-core-2.14.2 N/A N/A
GHSA-g93m-8x6h-g5gv Anchore CVE High zookeeper-3.9.1 N/A N/A
GHSA-fghv-69vj-qj49 Anchore CVE Low netty-codec-http-4.1.107.Final N/A N/A
GHSA-fghv-69vj-qj49 Anchore CVE Low netty-codec-http-4.1.107.Final N/A N/A
GHSA-67mf-3cr5-8w23 Anchore CVE Medium bcprov-jdk18on-1.77 N/A N/A
GHSA-4cx2-fc23-5wg6 Anchore CVE Medium bcpkix-jdk15on-1.70 N/A N/A
GHSA-4cx2-fc23-5wg6 Anchore CVE Medium bcpkix-jdk18on-1.77 N/A N/A
GHSA-3p8m-j85q-pgmj Anchore CVE Medium netty-codec-4.1.107.Final N/A N/A
GHSA-3p8m-j85q-pgmj Anchore CVE Medium netty-codec-4.1.107.Final N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=soacloud/custom-artemis-init&tag=0.1.2&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI