chore(findings): solutions-delivery-platform/dependency-check/dependency-check
Summary
solutions-delivery-platform/dependency-check/dependency-check has 224 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2021-23463 | anchore_cve | Critical | h2-1.4.199 |
GHSA-668q-qrv7-99fm | anchore_cve | Medium | logback-core-1.2.6 |
PRISMA-2021-0213 | twistlock_cve | Medium | com.fasterxml.jackson.core_jackson-databind-2.13.0 |
CCE-85987-6 | oscap_comp | Medium | |
CVE-2021-42392 | anchore_cve | Critical | h2-1.4.199 |
CVE-2020-36518 | twistlock_cve | High | com.fasterxml.jackson.core_jackson-databind-2.13.0 |
CVE-2017-14197 | anchore_cve | Medium | matrix-0.2.0 |
CVE-2017-14198 | anchore_cve | High | matrix-0.2.0 |
CVE-1999-1338 | anchore_cve | Medium | delegate-0.1.0 |
CVE-2022-27405 | anchore_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2020-7712 | anchore_cve | High | json-2.3.0 |
GHSA-4vf4-qmvg-mh7h | anchore_cve | High | cgi-0.1.0 |
CVE-2005-0036 | anchore_cve | Medium | delegate-0.1.0 |
CVE-2002-0059 | anchore_cve | High | zlib-1.1.0 |
CVE-2018-25032 | anchore_cve | High | zlib-1.1.0 |
CVE-2014-2524 | anchore_cve | Low | readline-0.0.2 |
GHSA-57j2-w4cx-62h2 | anchore_cve | High | jackson-databind-2.13.0 |
CVE-2015-4035 | anchore_cve | High | xz-1.8 |
CVE-2005-0861 | anchore_cve | High | delegate-0.1.0 |
CVE-2022-27404 | anchore_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2014-5169 | anchore_cve | Low | date-3.0.0 |
CVE-2022-23221 | anchore_cve | Critical | h2-1.4.199 |
GHSA-qg54-694p-wgpp | anchore_cve | High | date-3.0.0 |
CVE-2017-14727 | anchore_cve | High | logger-1.4.2 |
CVE-2022-27406 | anchore_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2008-1145 | anchore_cve | Medium | webrick-1.6.1 |
CCE-80667-9 | oscap_comp | Medium | |
CCE-80668-7 | oscap_comp | Medium | |
CCE-80669-5 | oscap_comp | Medium | |
CCE-80670-3 | oscap_comp | Medium | |
CCE-81037-4 | oscap_comp | Medium | |
CCE-81035-8 | oscap_comp | Medium | |
CVE-2021-35938 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2022-1304 | anchore_cve | Medium | libcom_err-1.45.6-4.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-44568 | anchore_cve | Low | libsolv-0.7.20-1.el8 |
GHSA-4jrv-ppp4-jm57 | anchore_cve | High | gson-2.8.5 |
addbb93c22e9b0988b8b40392a4538cb | anchore_comp | Low | |
CVE-2022-25647 | twistlock_cve | High | com.google.code.gson_gson-2.8.5 |
CVE-2021-42550 | twistlock_cve | Medium | ch.qos.logback_logback-core-1.2.6 |
CVE-2022-27943 | anchore_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2022-27943 | anchore_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2021-46828 | anchore_cve | Medium | libtirpc-1.1.4-6.el8 |
CVE-2022-2509 | anchore_cve | Medium | gnutls-3.6.16-4.el8 |
CVE-2022-2343 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2126 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2345 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2125 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2124 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2344 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2129 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2175 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-30699 | anchore_cve | Medium | unbound-libs-1.7.3-17.el8 |
CVE-2022-30699 | anchore_cve | Medium | python3-unbound-1.7.3-17.el8 |
CVE-2022-2522 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-37434 | anchore_cve | Medium | zlib-1.2.11-18.el8_5 |
CVE-2022-30698 | anchore_cve | Medium | unbound-libs-1.7.3-17.el8 |
CVE-2022-30698 | anchore_cve | Medium | python3-unbound-1.7.3-17.el8 |
CVE-2022-37434 | anchore_cve | Critical | zlib-1.1.0 |
CCE-88248-0 | oscap_comp | Medium | |
CCE-86107-0 | oscap_comp | Medium | |
CVE-2022-2175 | twistlock_cve | Critical | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2017-15412 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2016-5131 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2017-0663 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2022-2183 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2182 | twistlock_cve | Medium | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-27404 | twistlock_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2022-2509 | twistlock_cve | Medium | gnutls-3.6.16-4.el8 |
CVE-2017-9047 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2022-2207 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-27406 | twistlock_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2022-27405 | twistlock_cve | Medium | freetype-2.9.1-4.el8_3.1 |
CVE-2022-37434 | twistlock_cve | Medium | zlib-1.2.11-18.el8_5 |
CVE-2022-30699 | twistlock_cve | Medium | python3-unbound-1.7.3-17.el8 |
CVE-2022-30699 | twistlock_cve | Medium | unbound-libs-1.7.3-17.el8 |
CVE-2022-30698 | twistlock_cve | Medium | unbound-libs-1.7.3-17.el8 |
CVE-2022-30698 | twistlock_cve | Medium | python3-unbound-1.7.3-17.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2017-9050 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2017-9049 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2017-7375 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2022-2206 | twistlock_cve | Medium | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-0235 | twistlock_cve | Medium | dnf-plugin-subscription-manager-1.28.29-3.el8 |
CVE-2022-0235 | twistlock_cve | Medium | python3-cloud-what-1.28.29-3.el8 |
CVE-2022-0235 | twistlock_cve | Medium | subscription-manager-rhsm-certificates-1.28.29-3.el8 |
CVE-2022-0235 | twistlock_cve | Medium | subscription-manager-1.28.29-3.el8 |
CVE-2022-0235 | twistlock_cve | Medium | python3-syspurpose-1.28.29-3.el8 |
CVE-2022-0235 | twistlock_cve | Medium | python3-subscription-manager-rhsm-1.28.29-3.el8 |
CVE-2016-3709 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2016-3709 | twistlock_cve | Medium | libxml2-2.9.7-13.el8_6.1 |
CVE-2022-1304 | twistlock_cve | Medium | libcom_err-1.45.6-4.el8 |
CVE-2022-2231 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2210 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2016-4658 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2018-16428 | twistlock_cve | Low | glib2-2.56.4-158.el8 |
CVE-2022-2345 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2344 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2343 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2020-21674 | twistlock_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2021-3927 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2021-4166 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2020-35512 | twistlock_cve | Low | dbus-libs-1.12.8-18.el8_6.1 |
CVE-2020-35512 | twistlock_cve | Low | dbus-1.12.8-18.el8_6.1 |
CVE-2020-35512 | twistlock_cve | Low | dbus-tools-1.12.8-18.el8_6.1 |
CVE-2020-35512 | twistlock_cve | Low | dbus-common-1.12.8-18.el8_6.1 |
CVE-2020-35512 | twistlock_cve | Low | dbus-daemon-1.12.8-18.el8_6.1 |
CVE-2022-2522 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-0351 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2021-4209 | twistlock_cve | Low | gnutls-3.6.16-4.el8 |
CVE-2021-44568 | twistlock_cve | Low | libsolv-0.7.20-1.el8 |
CVE-2022-2129 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2819 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-27943 | twistlock_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2022-27943 | twistlock_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2022-1720 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2288 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2019-16866 | twistlock_cve | Low | unbound-libs-1.7.3-17.el8 |
CVE-2019-16866 | twistlock_cve | Low | python3-unbound-1.7.3-17.el8 |
CVE-2018-20786 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2017-9048 | twistlock_cve | Low | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2022-2289 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2286 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2285 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2284 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-1619 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2017-18258 | twistlock_cve | Low | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2022-2287 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2208 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2126 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2125 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2124 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2021-46195 | twistlock_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2021-46195 | twistlock_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2019-14250 | twistlock_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2019-14250 | twistlock_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2018-20657 | twistlock_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2018-20657 | twistlock_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2018-1000880 | twistlock_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2018-1000879 | twistlock_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2021-3974 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2021-25317 | twistlock_cve | Low | cups-libs-2.2.6-45.el8_6.2 |
CVE-2016-3709 | anchore_cve | Medium | libxml2-2.9.7-13.el8_6.1 |
CVE-2016-3709 | anchore_cve | Medium | python3-libxml2-2.9.7-13.el8_6.1 |
CVE-2022-2845 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2946 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2923 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2182 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2819 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2849 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2020-35527 | twistlock_cve | Medium | sqlite-libs-3.26.0-15.el8 |
CVE-2020-35525 | twistlock_cve | Low | sqlite-libs-3.26.0-15.el8 |
CVE-2021-3826 | twistlock_cve | Low | libstdc++-8.5.0-10.1.el8_6 |
CVE-2021-3826 | twistlock_cve | Low | libgcc-8.5.0-10.1.el8_6 |
CVE-2021-3826 | twistlock_cve | Low | gdb-gdbserver-8.2-18.el8 |
CVE-2020-35538 | twistlock_cve | Low | libjpeg-turbo-1.5.3-12.el8 |
CVE-2020-35527 | anchore_cve | Medium | sqlite-libs-3.26.0-15.el8 |
CVE-2020-35525 | anchore_cve | Low | sqlite-libs-3.26.0-15.el8 |
CVE-2022-39046 | twistlock_cve | Medium | glibc-minimal-langpack-2.28-189.5.el8_6 |
CVE-2022-39046 | twistlock_cve | Medium | glibc-2.28-189.5.el8_6 |
CVE-2022-39046 | twistlock_cve | Medium | glibc-langpack-en-2.28-189.5.el8_6 |
CVE-2022-39046 | twistlock_cve | Medium | glibc-common-2.28-189.5.el8_6 |
CVE-2022-3037 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-35252 | twistlock_cve | Low | curl-7.61.1-22.el8_6.4 |
CVE-2022-35252 | twistlock_cve | Low | libcurl-7.61.1-22.el8_6.4 |
CVE-2022-35252 | anchore_cve | Low | libcurl-7.61.1-22.el8_6.4 |
CVE-2022-35252 | anchore_cve | Low | curl-7.61.1-22.el8_6.4 |
CVE-2022-36033 | twistlock_cve | Medium | org.jsoup_jsoup-1.14.3 |
CVE-2022-2980 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
GHSA-gp7f-rwcx-9369 | anchore_cve | Medium | jsoup-1.14.3 |
CVE-2022-3153 | twistlock_cve | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3153 | anchore_cve | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2020-10735 | twistlock_cve | Medium | platform-python-3.6.8-47.el8_6 |
CVE-2020-10735 | twistlock_cve | Medium | python3-libs-3.6.8-47.el8_6 |
CVE-2018-20839 | twistlock_cve | Medium | systemd-libs-239-58.el8_6.7 |
CVE-2018-20839 | twistlock_cve | Medium | systemd-pam-239-58.el8_6.7 |
CVE-2018-20839 | twistlock_cve | Medium | systemd-239-58.el8_6.7 |
CVE-2019-9674 | twistlock_cve | Low | python3-libs-3.6.8-47.el8_6 |
CVE-2019-9674 | twistlock_cve | Low | platform-python-3.6.8-47.el8_6 |
CVE-2020-12413 | twistlock_cve | Low | nss-3.79.0-10.el8_6 |
CVE-2020-12413 | twistlock_cve | Low | nss-sysinit-3.79.0-10.el8_6 |
CVE-2020-12413 | twistlock_cve | Low | nss-util-3.79.0-10.el8_6 |
CVE-2020-12413 | twistlock_cve | Low | nss-softokn-3.79.0-10.el8_6 |
CVE-2020-12413 | twistlock_cve | Low | nss-softokn-freebl-3.79.0-10.el8_6 |
CVE-2018-20406 | twistlock_cve | Low | platform-python-3.6.8-47.el8_6 |
CVE-2018-20406 | twistlock_cve | Low | python3-libs-3.6.8-47.el8_6 |
CVE-2021-3997 | twistlock_cve | Low | systemd-pam-239-58.el8_6.7 |
CVE-2021-3997 | twistlock_cve | Low | systemd-libs-239-58.el8_6.7 |
CVE-2021-3997 | twistlock_cve | Low | systemd-239-58.el8_6.7 |
CVE-2022-34903 | anchore_cve | Medium | gnupg2-smime-2.2.20-3.el8_6 |
CVE-2022-0391 | anchore_cve | Medium | platform-python-3.6.8-47.el8_6 |
CVE-2020-10735 | anchore_cve | Medium | python3-libs-3.6.8-47.el8_6 |
CVE-2015-20107 | anchore_cve | Medium | platform-python-3.6.8-47.el8_6 |
CVE-2021-28861 | anchore_cve | Medium | python3-libs-3.6.8-47.el8_6 |
CVE-2015-20107 | anchore_cve | Medium | python3-libs-3.6.8-47.el8_6 |
CVE-2022-0391 | anchore_cve | Medium | python3-libs-3.6.8-47.el8_6 |
CVE-2021-28861 | anchore_cve | Medium | platform-python-3.6.8-47.el8_6 |
CVE-2020-10735 | anchore_cve | Medium | platform-python-3.6.8-47.el8_6 |
CVE-2022-34903 | anchore_cve | Medium | gnupg2-2.2.20-3.el8_6 |
CVE-2022-3219 | twistlock_cve | Low | gnupg2-smime-2.2.20-3.el8_6 |
CVE-2022-3219 | twistlock_cve | Low | gnupg2-2.2.20-3.el8_6 |
CVE-2022-3219 | anchore_cve | Low | gnupg2-2.2.20-3.el8_6 |
CVE-2022-3219 | anchore_cve | Low | gnupg2-smime-2.2.20-3.el8_6 |
VAT: https://vat.dso.mil/vat/container/16456?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/solutions-delivery-platform/dependency-check/dependency-check/-/jobs/9108097
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Ghost User