chore(findings): synopsys/codedx/codedx-docker-tomcat
Summary
synopsys/codedx/codedx-docker-tomcat has 374 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2012-5370 | Anchore CVE | Medium | jruby-complete-9.4.3.0 |
CVE-2021-23383 | Anchore CVE | Critical | handlebars-4.3.1 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 |
GHSA-mjmq-gwgm-5qhm | Anchore CVE | Medium | sshd-common-2.9.2 |
CVE-2019-20920 | Anchore CVE | High | handlebars-4.3.1 |
GHSA-cj8w-v588-p8wx | Anchore CVE | High | pf4j-3.6.0 |
GHSA-3p86-9955-h393 | Anchore CVE | High | org.eclipse.jgit-6.4.0.202211300538-r |
GHSA-2474-2566-3qxp | Anchore CVE | Medium | batik-script-1.16 |
GHSA-mjmq-gwgm-5qhm | Anchore CVE | Medium | sshd-sftp-2.9.2 |
CVE-2023-20860 | Anchore CVE | High | spring-core-5.3.22 |
GHSA-97xg-phpr-rg8q | Anchore CVE | Critical | bcel-6.5.0 |
GHSA-3r28-rgp9-qgv4 | Anchore CVE | High | pf4j-3.6.0 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.14.1 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-transcoder-1.16 |
CVE-2023-20863 | Anchore CVE | Medium | spring-core-5.3.22 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.86.Final |
GHSA-rvm8-j2cp-j592 | Anchore CVE | High | pf4j-3.6.0 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.33 |
CVE-2023-20861 | Anchore CVE | Medium | spring-core-5.3.22 |
CVE-2021-23369 | Anchore CVE | Critical | handlebars-4.3.1 |
CVE-2019-20922 | Anchore CVE | High | handlebars-4.3.1 |
GHSA-hfrx-6qgj-fp6c | Anchore CVE | High | commons-fileupload-1.3.3 |
CVE-2015-4035 | Anchore CVE | High | xz-1.9 |
GHSA-gq5f-xv48-2365 | Anchore CVE | High | batik-bridge-1.16 |
GHSA-cgwf-w82q-5jrr | Anchore CVE | Medium | commons-compress-1.22 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.86.Final |
GHSA-xfrj-6vvc-3xm2 | Anchore CVE | Medium | xmlsec-2.3.0 |
CVE-2023-35887 | Anchore CVE | Medium | sshd-core-2.9.2 |
CVE-2023-35887 | Anchore CVE | Medium | sshd-osgi-2.9.2 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.9 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.9 |
GHSA-hhw5-c326-822h | Anchore CVE | Medium | shiro-web-1.12.0 |
GHSA-22wj-vf5f-wrvj | Anchore CVE | High | h2-2.1.214 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-core-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-config-ogdl-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-hash-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-cache-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-config-core-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-lang-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-core-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-crypto-cipher-1.12.0 |
CVE-2023-46750 | Anchore CVE | Medium | shiro-event-1.12.0 |
CVE-2023-48795 | Anchore CVE | Medium | sshd-core-2.9.2 |
CVE-2023-48795 | Anchore CVE | Medium | sshd-osgi-2.9.2 |
CVE-2023-48795 | Anchore CVE | Medium | sshd-sftp-2.9.2 |
CVE-2023-48795 | Anchore CVE | Medium | sshd-common-2.9.2 |
GHSA-jc7h-c423-mpjc | Anchore CVE | Medium | shiro-core-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-config-ogdl-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-cache-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-web-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-event-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-hash-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-config-core-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-core-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-crypto-cipher-1.12.0 |
CVE-2023-46749 | Anchore CVE | Medium | shiro-lang-1.12.0 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.22 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.22 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.31 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.86.Final |
CVE-2018-17190 | Anchore CVE | Critical | spark-mllib-local_2.13-3.4.0 |
GHSA-mvr2-9pj6-7w5j | Anchore CVE | Medium | guava-14.0.1 |
CVE-2018-11770 | Anchore CVE | Medium | spark-sketch_2.13-3.4.0 |
GHSA-p26g-97m4-6q7c | Anchore CVE | Low | jetty-server-9.4.50.v20221201 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-9.4.50.v20221201 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-graphx_2.13-3.4.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.0.1-jre |
GHSA-668q-qrv7-99fm | Anchore CVE | Medium | logback-core-1.2.3 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 |
CVE-2023-36478 | Anchore CVE | High | jetty-security-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-client-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-sql_2.13-3.4.0 |
GHSA-rhrv-645h-fjfh | Anchore CVE | High | avro-1.7.7 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-continuation-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-common-3.3.4 |
CVE-2018-11770 | Anchore CVE | Medium | spark-tags_2.13-3.4.0 |
CVE-2023-36478 | Anchore CVE | High | jetty-proxy-9.4.50.v20221201 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-security-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-tags_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-ajax-9.4.43.v20210629 |
GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.8 |
CVE-2023-44981 | Anchore CVE | Critical | zookeeper-jute-3.6.3 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-ajax-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-core-3.3.4 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-ajax-9.4.43.v20210629 |
CVE-2023-36478 | Anchore CVE | High | jetty-http-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-client-api-3.3.4 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-io-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-server-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-9.4.50.v20221201 |
CVE-2022-2048 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 |
GHSA-fg2v-w576-w4v3 | Anchore CVE | High | json-smart-1.3.2 |
CVE-2023-44487 | Anchore CVE | High | jetty-servlets-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-core_2.13-3.4.0 |
CVE-2018-17190 | Anchore CVE | Critical | spark-network-common_2.13-3.4.0 |
CVE-2018-17190 | Anchore CVE | Critical | spark-launcher_2.13-3.4.0 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-ajax-9.4.43.v20210629 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-security-9.4.50.v20221201 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.3 |
CVE-2023-44487 | Anchore CVE | High | jetty-servlet-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-kvstore_2.13-3.4.0 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 |
CVE-2023-36478 | Anchore CVE | High | jetty-client-9.4.50.v20221201 |
GHSA-3f7h-mf4q-vrm4 | Anchore CVE | Medium | woodstox-core-5.3.0 |
GHSA-hmr7-m48g-48f6 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-streaming_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-mllib-local_2.13-3.4.0 |
GHSA-gvpg-vgmx-xg6w | Anchore CVE | Medium | nimbus-jose-jwt-9.8.1 |
GHSA-h4h5-3hr4-j3g2 | Anchore CVE | Medium | protobuf-java-3.7.0 |
GHSA-g5ww-5jh7-63cx | Anchore CVE | High | protobuf-java-3.7.0 |
CVE-2018-17190 | Anchore CVE | Critical | spark-sql_2.13-3.4.0 |
GHSA-gwrp-pvrq-jmwv | Anchore CVE | Medium | commons-io-2.6 |
CVE-2018-11804 | Anchore CVE | High | spark-streaming_2.13-3.4.0 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 |
CVE-2023-36478 | Anchore CVE | High | jetty-servlets-9.4.50.v20221201 |
CVE-2022-2047 | Anchore CVE | Low | jetty-xml-9.4.43.v20210629 |
CVE-2018-17190 | Anchore CVE | Critical | spark-catalyst_2.13-3.4.0 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-ajax-9.4.43.v20210629 |
CVE-2018-11770 | Anchore CVE | Medium | spark-network-common_2.13-3.4.0 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-continuation-9.4.50.v20221201 |
GHSA-wrvw-hg22-4m67 | Anchore CVE | High | protobuf-java-3.7.0 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-security-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-tags_2.13-3.4.0 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
CVE-2018-11770 | Anchore CVE | Medium | spark-network-shuffle_2.13-3.4.0 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
CVE-2023-36478 | Anchore CVE | High | jetty-io-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-continuation-9.4.50.v20221201 |
GHSA-xpw8-rcwv-8f8p | Anchore CVE | High | netty-codec-http2-4.1.87.Final |
GHSA-9w38-p64v-xpmv | Anchore CVE | Medium | commons-configuration2-2.1.1 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-network-common_2.13-3.4.0 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk15on-1.70 |
CVE-2018-11804 | Anchore CVE | High | spark-launcher_2.13-3.4.0 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-core_2.13-3.4.0 |
CVE-2018-11804 | Anchore CVE | High | spark-sketch_2.13-3.4.0 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-29.0-jre |
GHSA-58qw-p7qm-5rvh | Anchore CVE | Low | jetty-xml-9.4.43.v20210629 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
CVE-2023-26031 | Anchore CVE | High | hadoop-auth-3.3.4 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-ajax-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-api-3.3.4 |
CVE-2018-11804 | Anchore CVE | High | spark-kvstore_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-hdfs-client-3.3.4 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-29.0-jre |
CVE-2023-26049 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-security-9.4.50.v20221201 |
CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-common-3.3.4 |
CVE-2022-42920 | Twistlock CVE | Critical | org.apache.bcel_bcel-6.5.0 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.8 |
CVE-2023-40828 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 |
CVE-2023-40827 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 |
CVE-2023-40826 | Twistlock CVE | High | org.pf4j_pf4j-3.6.0 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 |
CVE-2022-3510 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 |
CVE-2022-3509 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 |
CVE-2021-31684 | Twistlock CVE | High | net.minidev_json-smart-1.3.2 |
CVE-2021-22570 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 |
CVE-2021-22569 | Twistlock CVE | High | com.google.protobuf_protobuf-java-3.7.0 |
CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-transcoder-1.16 |
CVE-2022-44729 | Twistlock CVE | High | org.apache.xmlgraphics_batik-bridge-1.16 |
CVE-2022-40152 | Twistlock CVE | Medium | com.fasterxml.woodstox_woodstox-core-5.3.0 |
CVE-2021-37533 | Twistlock CVE | Medium | commons-net_commons-net-3.6 |
CVE-2022-3171 | Twistlock CVE | Medium | com.google.protobuf_protobuf-java-3.7.0 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2023-35887 | Twistlock CVE | Medium | org.apache.sshd_sshd-sftp-2.9.2 |
CVE-2023-35887 | Twistlock CVE | Medium | org.apache.sshd_sshd-common-2.9.2 |
CVE-2022-44730 | Twistlock CVE | Medium | org.apache.xmlgraphics_batik-script-1.16 |
CVE-2023-39410 | Twistlock CVE | High | org.apache.avro_avro-1.7.7 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.3 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.11 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.9 |
CVE-2023-46750 | Twistlock CVE | Medium | org.apache.shiro_shiro-web-1.12.0 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71 |
CVE-2023-4759 | Twistlock CVE | High | org.eclipse.jgit_org.eclipse.jgit-6.4.0.202211300538-r |
GHSA-xpw8-rcwv-8f8p | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.86.Final |
GHSA-xpw8-rcwv-8f8p | Twistlock CVE | High | io.netty_netty-codec-http2-4.1.87.Final |
CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.87.Final |
CVE-2023-34462 | Twistlock CVE | Medium | io.netty_netty-handler-4.1.86.Final |
CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-http-9.4.50.v20221201 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-server-9.4.50.v20221201 |
GHSA-58qw-p7qm-5rvh | Twistlock CVE | Low | org.eclipse.jetty_jetty-xml-9.4.43.v20210629 |
CVE-2023-36479 | Twistlock CVE | Low | org.eclipse.jetty_jetty-servlets-9.4.50.v20221201 |
CVE-2023-26049 | Twistlock CVE | Low | org.eclipse.jetty_jetty-server-9.4.50.v20221201 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2024-23944 | Twistlock CVE | Medium | org.apache.zookeeper_zookeeper-3.6.3 |
CVE-2023-52428 | Twistlock CVE | Medium | com.nimbusds_nimbus-jose-jwt-9.8.1 |
CVE-2023-52428 | Twistlock CVE | Medium | com.nimbusds_nimbus-jose-jwt-9.31 |
CVE-2024-29133 | Twistlock CVE | Medium | org.apache.commons_commons-configuration2-2.1.1 |
CVE-2024-29131 | Twistlock CVE | Medium | org.apache.commons_commons-configuration2-2.1.1 |
CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.86.Final |
CVE-2024-29025 | Twistlock CVE | Medium | io.netty_netty-codec-http-4.1.87.Final |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 |
CVE-2023-36478 | Anchore CVE | High | jetty-continuation-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-catalyst_2.13-3.4.0 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
GHSA-cgp8-4m63-fhh5 | Anchore CVE | Medium | commons-net-3.6 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 |
GHSA-r978-9m6m-6gm6 | Anchore CVE | Medium | zookeeper-3.6.3 |
CVE-2023-36478 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
CVE-2018-11770 | Anchore CVE | Medium | spark-graphx_2.13-3.4.0 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-36478 | Anchore CVE | High | jetty-servlet-9.4.50.v20221201 |
CVE-2023-26031 | Anchore CVE | High | hadoop-client-3.3.4 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-mllib-local_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-mllib_2.13-3.4.0 |
GHSA-xjp4-hw94-mvp5 | Anchore CVE | Medium | commons-configuration2-2.1.1 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-continuation-9.4.50.v20221201 |
GHSA-77rm-9x9h-xj3g | Anchore CVE | High | protobuf-java-3.7.0 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-webapp-9.4.43.v20210629 |
GHSA-6mjq-h674-j845 | Anchore CVE | Medium | netty-handler-4.1.87.Final |
CVE-2018-17190 | Anchore CVE | Critical | spark-sketch_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-proxy-9.4.50.v20221201 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 |
CVE-2018-17190 | Anchore CVE | Critical | spark-network-shuffle_2.13-3.4.0 |
CVE-2023-26031 | Anchore CVE | High | hadoop-annotations-3.3.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-servlet-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-unsafe_2.13-3.4.0 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-14.0.1 |
GHSA-3gh6-v5v9-6v9j | Anchore CVE | Low | jetty-servlets-9.4.50.v20221201 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-util-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-mllib_2.13-3.4.0 |
CVE-2022-2047 | Anchore CVE | Low | jetty-webapp-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-common-3.3.4 |
GHSA-7286-pgfv-vxvh | Anchore CVE | Critical | zookeeper-3.6.3 |
GHSA-qw69-rqj8-6qw8 | Anchore CVE | Medium | jetty-server-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-unsafe_2.13-3.4.0 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-catalyst_2.13-3.4.0 |
CVE-2023-36478 | Anchore CVE | High | jetty-plus-9.4.50.v20221201 |
CVE-2018-17190 | Anchore CVE | Critical | spark-streaming_2.13-3.4.0 |
CVE-2023-44487 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcpkix-jdk18on-1.71 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-client-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-xml-9.4.43.v20210629 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-1.3.2 |
GHSA-5jpm-x58v-624v | Anchore CVE | Medium | netty-codec-http-4.1.87.Final |
CVE-2023-26049 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-security-9.4.50.v20221201 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-continuation-9.4.50.v20221201 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-core_2.13-3.4.0 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-io-9.4.50.v20221201 |
CVE-2007-1100 | Anchore CVE | High | pickle-1.3 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.0.1-jre |
CVE-2023-36478 | Anchore CVE | High | jetty-webapp-9.4.43.v20210629 |
CVE-2023-36478 | Anchore CVE | High | jetty-server-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-network-shuffle_2.13-3.4.0 |
CVE-2018-17190 | Anchore CVE | Critical | spark-graphx_2.13-3.4.0 |
CVE-2022-2048 | Anchore CVE | High | jetty-xml-9.4.43.v20210629 |
CVE-2023-44487 | Anchore CVE | High | jetty-proxy-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-mllib_2.13-3.4.0 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-http-9.4.50.v20221201 |
CVE-2023-44487 | Anchore CVE | High | jetty-security-9.4.50.v20221201 |
CVE-2018-11804 | Anchore CVE | High | spark-unsafe_2.13-3.4.0 |
CVE-2023-26031 | Anchore CVE | High | hadoop-yarn-client-3.3.4 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-http-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-launcher_2.13-3.4.0 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-servlets-9.4.50.v20221201 |
CVE-2018-11770 | Anchore CVE | Medium | spark-kvstore_2.13-3.4.0 |
CVE-2018-11804 | Anchore CVE | High | spark-sql_2.13-3.4.0 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-continuation-9.4.50.v20221201 |
GHSA-4gg5-vx3j-xwc7 | Anchore CVE | High | protobuf-java-3.7.0 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.3 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk18on-1.71 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-jdk15on-1.70 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-util-ajax-9.4.43.v20210629 |
CVE-2023-26031 | Anchore CVE | High | hadoop-mapreduce-client-jobclient-3.3.4 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-14.0.1 |
CVE-2023-44487 | Anchore CVE | High | jetty-plus-9.4.50.v20221201 |
CVE-2023-39410 | Anchore CVE | High | avro-ipc-1.11.1 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-plus-9.4.50.v20221201 |
CVE-2023-39410 | Anchore CVE | High | avro-mapred-1.11.1 |
GHSA-4h8f-2wvx-gg5w | Anchore CVE | Low | bcprov-jdk18on-1.71 |
GHSA-4h8f-2wvx-gg5w | Anchore CVE | Low | bcprov-jdk18on-1.71 |
GHSA-4h8f-2wvx-gg5w | Anchore CVE | Low | bcprov-jdk18on-1.71 |
CVE-2024-34447 | Twistlock CVE | Low | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.33 |
CVE-2023-44981 | Twistlock CVE | Critical | org.apache.zookeeper_zookeeper-3.6.3 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.9 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.3 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.11 |
CVE-2023-44487 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2023-36478 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2023-24998 | Twistlock CVE | High | commons-fileupload_commons-fileupload-1.3.3 |
CVE-2023-20860 | Twistlock CVE | High | spring-core-5.3.22 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-29.0-jre |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.0.1-jre |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-14.0.1 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.1-jre |
CVE-2021-42550 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.3 |
CVE-2023-46749 | Twistlock CVE | Medium | org.apache.shiro_shiro-core-1.12.0 |
CVE-2023-44483 | Twistlock CVE | Medium | org.apache.santuario_xmlsec-2.3.0 |
CVE-2023-20863 | Twistlock CVE | Medium | spring-core-5.3.22 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-core-5.3.22 |
CVE-2023-46750 | Twistlock CVE | Medium | org.apache.shiro_shiro-core-1.12.0 |
CVE-2018-10237 | Twistlock CVE | Medium | com.google.guava_guava-14.0.1 |
CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2023-42503 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.22 |
CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2023-26049 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2023-26048 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2021-29425 | Twistlock CVE | Medium | commons-io_commons-io-2.6 |
CVE-2023-41900 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2023-36479 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.50.v20221201 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.1-jre |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-14.0.1 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.0.1-jre |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-29.0-jre |
CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71 |
CVE-2024-30171 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71 |
CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71 |
CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2024-30172 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71 |
CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk15on-1.70 |
CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcpkix-jdk18on-1.71 |
CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bcprov-jdk18on-1.71 |
CVE-2024-29857 | Twistlock CVE | Medium | org.bouncycastle_bctls-jdk18on-1.71 |
VAT: https://vat.dso.mil/vat/image?imageName=synopsys/codedx/codedx-docker-tomcat&tag=v2023.8.2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/codedx/codedx-docker-tomcat&tag=v2023.1.1&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.