UNCLASSIFIED - NO CUI

chore(findings): synopsys/coverity/coverity-analysis

Summary

synopsys/coverity/coverity-analysis has 116 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/coverity/coverity-analysis&tag=2024.6.0&branch=master

id source severity package impact workaround
CVE-2024-24789 Anchore CVE Medium stdlib-go1.22.3
CVE-2024-21131 Anchore CVE Low java/jdk-20.0.2+9-78
CVE-2024-21012 Anchore CVE Low java/jdk-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium stdlib-go1.22.3
CVE-2024-21131 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-21011 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-20945 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2024-21011 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium stdlib-go1.22.3
CVE-2024-21068 Anchore CVE Low java/jdk-20.0.2+9-78
CVE-2024-24791 Anchore CVE High stdlib-go1.21.10
CVE-2024-21140 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2024-20919 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2024-20952 Anchore CVE High java/jdk-20.0.2+9-78
CVE-2024-24790 Anchore CVE Critical go-1.22.3
CVE-2024-20921 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium stdlib-go1.21.10
CVE-2024-24790 Anchore CVE Critical stdlib-go1.21.10
CVE-2024-21094 Anchore CVE Low java/jdk-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium go-1.22.3
CVE-2024-24791 Anchore CVE High stdlib-go1.22.3
CVE-2024-24791 Anchore CVE High stdlib-go1.22.3
CVE-2024-21147 Anchore CVE High java/jre-1.8.0_392-b08
CVE-2024-21147 Anchore CVE High java/jre-20.0.2+9-78
CVE-2024-24790 Anchore CVE Critical stdlib-go1.22.3
CVE-2024-24790 Anchore CVE Critical stdlib-go1.22.3
CVE-2024-21138 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-21094 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-24790 Anchore CVE Critical stdlib-go1.21.10
CVE-2024-24789 Anchore CVE Medium stdlib-go1.21.10
CVE-2024-20918 Anchore CVE High java/jdk-20.0.2+9-78
CVE-2024-21012 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-24791 Anchore CVE High stdlib-go1.22.3
CVE-2024-24790 Anchore CVE Critical stdlib-go1.22.3
CVE-2024-24791 Anchore CVE High stdlib-go1.21.10
CVE-2024-21145 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2024-21147 Anchore CVE High java/jdk-20.0.2+9-78
CVE-2024-21140 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-20921 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2024-21138 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-20919 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium stdlib-go1.22.3
CVE-2024-21068 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-21145 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2024-27982 Anchore CVE Medium node-18.19.1
CVE-2024-21011 Anchore CVE Low java/jdk-20.0.2+9-78
GHSA-xrjj-mj9h-534m Anchore CVE Medium golang.org/x/net-v0.0.0-20220425223048-2871e0cb64e4
CVE-2024-24791 Anchore CVE High stdlib-go1.22.3
CVE-2024-21145 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-24789 Anchore CVE Medium stdlib-go1.22.3
CVE-2024-22020 Anchore CVE Medium node-18.19.1
CVE-2024-27983 Anchore CVE High node-18.19.1
CVE-2024-21085 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-21094 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-24791 Anchore CVE High stdlib-go1.22.3
CVE-2024-21144 Anchore CVE Low java/jre-1.8.0_392-b08
CVE-2024-20945 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2024-24790 Anchore CVE Critical stdlib-go1.22.3
CVE-2024-20952 Anchore CVE High java/jre-20.0.2+9-78
CVE-2024-24791 Anchore CVE High go-1.22.3
CVE-2024-21068 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-21140 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2024-21138 Anchore CVE Low java/jdk-20.0.2+9-78
GHSA-2p57-rm9w-gvfp Anchore CVE High ip-2.0.0
GHSA-wm9w-rjj3-j356 Anchore CVE High tomcat-coyote-9.0.89
CVE-2024-21131 Anchore CVE Low java/jre-20.0.2+9-78
CVE-2024-24791 Anchore CVE High stdlib-go1.21.10
CVE-2024-24790 Anchore CVE Critical stdlib-go1.21.10
CVE-2024-24790 Anchore CVE Critical stdlib-go1.22.3
CVE-2024-34750 Twistlock CVE High tomcat-coyote-9.0.89
CVE-2024-20918 Anchore CVE High java/jre-20.0.2+9-78
CVE-2024-24789 Anchore CVE Medium stdlib-go1.21.10
CVE-2024-20919 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-20926 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-20921 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-20952 Anchore CVE High java/jre-1.8.0_392-b08
CVE-2024-20945 Anchore CVE Medium java/jre-1.8.0_392-b08
CVE-2024-20918 Anchore CVE High java/jre-1.8.0_392-b08
CVE-2024-34155 Anchore CVE Low stdlib-go1.21.10
CVE-2024-34158 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.22.3
CVE-2024-34156 Anchore CVE High stdlib-go1.21.10
CVE-2024-34158 Anchore CVE High stdlib-go1.21.10
CVE-2024-34156 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.21.10
CVE-2024-34156 Anchore CVE High stdlib-go1.22.3
CVE-2024-34156 Anchore CVE High stdlib-go1.21.10
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.3
CVE-2024-34155 Anchore CVE Low go-1.22.3
CVE-2024-34156 Anchore CVE High go-1.22.3
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.3
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High go-1.22.3
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.3
CVE-2024-34155 Anchore CVE Low stdlib-go1.21.10
CVE-2024-34156 Anchore CVE High stdlib-go1.21.10
CVE-2024-34156 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.22.3
CVE-2024-34156 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.22.3
CVE-2024-34156 Anchore CVE High stdlib-go1.22.3
CVE-2024-34158 Anchore CVE High stdlib-go1.21.10
CVE-2024-34155 Anchore CVE Low stdlib-go1.21.10
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.3
CVE-2023-22081 Anchore CVE Medium java/jdk-20.0.2+9-78
CVE-2023-22025 Anchore CVE Low java/jdk-20.0.2+9-78
CVE-2023-22081 Anchore CVE Medium java/jre-20.0.2+9-78
CVE-2023-22025 Anchore CVE Low java/jre-20.0.2+9-78
GHSA-2rmj-mq67-h97g Anchore CVE Medium spring-web-6.1.6
CVE-2024-24789 Twistlock CVE Medium archive/zip-1.21.10
CVE-2024-24791 Twistlock CVE Low net/http-1.21.10
CVE-2024-24791 Twistlock CVE Low net/http-1.22.3
CVE-2024-34156 Twistlock CVE Low encoding/gob-1.21.10
CVE-2024-34155 Twistlock CVE Low go/parser-1.22.3
CVE-2024-38809 Twistlock CVE Medium spring-web-6.1.6

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the Status::Verification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.

Edited by Ghost User