chore(findings): solutions-delivery-platform/sonar-scanner/sonar-scanner
Summary
solutions-delivery-platform/sonar-scanner/sonar-scanner has 56 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-21340 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21541 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21291 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21360 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21293 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21282 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21277 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2021-2341 | Anchore CVE | Low | java-11.0.11+9 |
CVE-2022-21305 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21540 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21283 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21366 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21296 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21365 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21299 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21248 | Anchore CVE | Low | java-11.0.11+9 |
CVE-2022-21341 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21294 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2023-21968 | Anchore CVE | Low | java-11.0.11+9 |
CVE-2023-21937 | Anchore CVE | Low | java-11.0.11+9 |
CVE-2023-21954 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2023-21930 | Anchore CVE | High | java-11.0.11+9 |
CVE-2023-21939 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2023-21938 | Anchore CVE | Low | java-11.0.11+9 |
CVE-2023-21967 | Anchore CVE | Medium | java-11.0.11+9 |
CVE-2022-21476 | Anchore CVE | High | java-11.0.11+9 |
GHSA-w33c-445m-f8w7 | Anchore CVE | Medium | okio-1.17.2 |
CVE-2023-0833 | Anchore CVE | Medium | okhttp-3.14.2 |
CVE-2023-21930 | Twistlock CVE | High | java-11.0.11 |
CVE-2023-3635 | Twistlock CVE | Medium | com.squareup.okio_okio-1.17.2 |
CVE-2023-21967 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2023-21954 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21541 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2023-0833 | Twistlock CVE | Medium | com.squareup.okhttp3_okhttp-3.14.2 |
CVE-2023-21939 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21540 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21366 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21365 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21360 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21341 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21340 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21305 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21299 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21296 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21294 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21293 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21291 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21283 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21282 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2022-21277 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2021-2369 | Twistlock CVE | Medium | java-11.0.11 |
CVE-2023-21968 | Twistlock CVE | Low | java-11.0.11 |
CVE-2023-21938 | Twistlock CVE | Low | java-11.0.11 |
CVE-2023-21937 | Twistlock CVE | Low | java-11.0.11 |
CVE-2022-21248 | Twistlock CVE | Low | java-11.0.11 |
CVE-2021-2341 | Twistlock CVE | Low | java-11.0.11 |
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=solutions-delivery-platform/sonar-scanner/sonar-scanner&tag=4.6.2.2472&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.