UNCLASSIFIED - NO CUI

Skip to content

chore(findings): soacloud/ddf-solr

Summary

soacloud/ddf-solr has 49 new findings discovered during continuous monitoring.

Layer: soacloud/ddf-solr:3.1.0-solr-v9.8.1 is EOL, please update if possible

Layer: opensource/apache/solr-9:9.8.1 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=soacloud/ddf-solr&tag=3.1.0-solr-v9.8.1&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-44296 Twistlock CVE Medium webkit2gtk3-2.48.5-1.el9_6 0.00381 false
CVE-2024-44296 Anchore CVE Medium webkit2gtk3-jsc-2.48.5-1.el9_6 0.00381 false
CVE-2025-24150 Twistlock CVE Medium webkit2gtk3-2.48.5-1.el9_6 0.00195 false
CVE-2025-24150 Anchore CVE Medium webkit2gtk3-jsc-2.48.5-1.el9_6 0.00195 false
CVE-2025-52194 Twistlock CVE Medium libsndfile-1.0.31-9.el9 0.00083 false
CVE-2025-52194 Anchore CVE Medium libsndfile-1.0.31-9.el9 0.00083 false
CVE-2025-24143 Twistlock CVE Medium webkit2gtk3-2.48.5-1.el9_6 0.00082 false
CVE-2025-24143 Anchore CVE Medium webkit2gtk3-jsc-2.48.5-1.el9_6 0.00082 false
CVE-2025-5115 Twistlock CVE High org.eclipse.jetty.http2_http2-common-10.0.22 0.00066 false
CVE-2025-47808 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00058 false
CVE-2025-47808 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00058 false
CVE-2025-47907 Anchore CVE High stdlib-go1.18.1 0.00054 false
CVE-2025-47806 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00049 false
CVE-2025-47806 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00049 false
CVE-2025-58057 Twistlock CVE Medium io.netty_netty-codec-4.1.114.Final 0.00042 false
CVE-2025-9901 Twistlock CVE Medium libsoup-2.72.0-10.el9_6.2 0.00038 false
CVE-2025-50952 Twistlock CVE Medium openjpeg2-2.4.0-8.el9 0.00035 false
CVE-2025-50952 Anchore CVE Medium openjpeg2-2.4.0-8.el9 0.00035 false
CVE-2025-43228 Twistlock CVE Medium webkit2gtk3-2.48.5-1.el9_6 0.00027 false
CVE-2025-43228 Anchore CVE Medium webkit2gtk3-jsc-2.48.5-1.el9_6 0.00027 false
CVE-2025-8941 Anchore CVE High pam-1.5.1-26.el9_6 0.00024 false
CVE-2025-6199 Twistlock CVE Low gdk-pixbuf2-2.42.6-6.el9_6 0.00019 false
CVE-2025-6199 Anchore CVE Low gdk-pixbuf2-modules-2.42.6-6.el9_6 0.00019 false
CVE-2025-6199 Anchore CVE Low gdk-pixbuf2-2.42.6-6.el9_6 0.00019 false
CVE-2025-54080 Anchore CVE Low exiv2-0.27.5-2.el9 0.00019 false
CVE-2025-54080 Anchore CVE Low exiv2-libs-0.27.5-2.el9 0.00019 false
CVE-2025-54080 Twistlock CVE Low exiv2-0.27.5-2.el9 0.00019 false
CVE-2025-8961 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8961 Anchore CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8177 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8177 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8176 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-8176 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00017 false
CVE-2024-13978 Anchore CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2024-13978 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00017 false
CVE-2025-9165 Twistlock CVE Low libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-9165 Anchore CVE Low libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-8851 Twistlock CVE Medium libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-8851 Anchore CVE Medium libtiff-4.4.0-13.el9 0.00014 false
CVE-2025-47807 Twistlock CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00013 false
CVE-2025-47807 Anchore CVE Medium gstreamer1-plugins-base-1.22.12-4.el9 0.00013 false
CVE-2025-55304 Anchore CVE Low exiv2-libs-0.27.5-2.el9 0.00011 false
CVE-2025-55304 Anchore CVE Low exiv2-0.27.5-2.el9 0.00011 false
CVE-2025-55304 Twistlock CVE Low exiv2-0.27.5-2.el9 0.00011 false
CVE-2025-4674 Anchore CVE High stdlib-go1.18.1 0.00006 false
CVE-2025-8197 Anchore CVE Medium libsoup-2.72.0-10.el9_6.2 N/A false
abb121e9621abdd452f65844954cf1c1 Anchore Compliance Low N/A N/A
GHSA-mmxm-8w33-wc4h Anchore CVE High http2-common-10.0.22 N/A N/A
34de21e516c0ca50a96e5386f163f8bf Anchore Compliance Low N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=soacloud/ddf-solr&tag=3.1.0-solr-v9.8.1&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI