chore(findings): synopsys/seeker/seeker-sensor
Summary
synopsys/seeker/seeker-sensor has 282 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-41900 | Anchore CVE | Medium | jetty-http-9.4.51.v20230217 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-plus-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-xml-9.4.51.v20230217 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.11.4 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-http-9.4.51.v20230217 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.9 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-29.0-jre |
CVE-2023-44487 | Anchore CVE | High | jetty-servlets-9.4.51.v20230217 |
GHSA-9w3m-gqgf-c4p9 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-gm62-rw4g-vrc4 | Anchore CVE | High | logback-core-1.2.12 |
CVE-2023-36478 | Anchore CVE | High | jetty-continuation-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-annotations-9.4.51.v20230217 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-jdbc-9.0.71 |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.11.4 |
CVE-2023-36478 | Anchore CVE | High | jetty-servlet-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-client-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-9.4.51.v20230217 |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
GHSA-7g45-4rm6-3mm3 | Anchore CVE | Medium | guava-31.1-jre |
CVE-2022-22968 | Anchore CVE | Medium | spring-core-5.3.6 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.2.2 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.12 |
GHSA-7hfm-57qf-j43q | Anchore CVE | High | commons-compress-1.20 |
CVE-2023-20860 | Anchore CVE | High | spring-core-5.3.20 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-servlet-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-xml-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-xml-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-server-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-servlets-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-plus-9.4.51.v20230217 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-annotations-9.4.51.v20230217 |
CVE-2023-20863 | Anchore CVE | Medium | spring-core-5.3.6 |
GHSA-3mc7-4q67-w48m | Anchore CVE | High | snakeyaml-1.27 |
GHSA-crv7-7245-f45f | Anchore CVE | High | commons-compress-1.20 |
GHSA-9w3m-gqgf-c4p9 | Anchore CVE | Medium | snakeyaml-1.31 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-9.4.51.v20230217 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.31 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-continuation-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-servlet-9.4.51.v20230217 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.27 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.12 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-continuation-9.4.51.v20230217 |
GHSA-3mc7-4q67-w48m | Anchore CVE | High | snakeyaml-1.27 |
GHSA-2pj2-gchf-wmw7 | Anchore CVE | Medium | zip4j-2.11.1 |
CVE-2023-44487 | Anchore CVE | High | jetty-jndi-9.4.51.v20230217 |
GHSA-hhhw-99gj-p3c3 | Anchore CVE | Medium | snakeyaml-1.27 |
CVE-2023-36478 | Anchore CVE | High | jetty-http-9.4.51.v20230217 |
CVE-2023-20861 | Anchore CVE | Medium | spring-core-5.3.6 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-io-9.4.51.v20230217 |
GHSA-fg2v-w576-w4v3 | Anchore CVE | High | json-smart-2.4.2 |
GHSA-w37g-rhq8-7m4j | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-6vqp-h455-42mr | Anchore CVE | Medium | pdfbox-2.0.21 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-jndi-9.4.51.v20230217 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-util-ajax-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-security-9.4.51.v20230217 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.11 |
GHSA-57j2-w4cx-62h2 | Anchore CVE | High | jackson-databind-2.11.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-http-9.4.51.v20230217 |
GHSA-gm62-rw4g-vrc4 | Anchore CVE | High | logback-core-1.2.12 |
CVE-2023-44487 | Anchore CVE | High | jetty-http-9.4.51.v20230217 |
GHSA-98wm-3w3q-mw94 | Anchore CVE | Medium | snakeyaml-1.27 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-webapp-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-io-9.4.51.v20230217 |
CVE-2023-46589 | Anchore CVE | High | tomcat-jdbc-9.0.71 |
GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.27 |
CVE-2021-22118 | Anchore CVE | High | spring-core-5.3.6 |
GHSA-jm7r-4pg6-gf26 | Anchore CVE | High | yamlbeans-1.11 |
GHSA-mc84-pj99-q6hh | Anchore CVE | High | commons-compress-1.20 |
CVE-2022-22970 | Anchore CVE | Medium | spring-core-5.3.6 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-servlet-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-jndi-9.4.51.v20230217 |
CVE-2022-22950 | Anchore CVE | Medium | spring-core-5.3.6 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-36478 | Anchore CVE | High | jetty-security-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-security-9.4.51.v20230217 |
GHSA-9w3m-gqgf-c4p9 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-w37g-rhq8-7m4j | Anchore CVE | Medium | snakeyaml-1.31 |
CVE-2023-36478 | Anchore CVE | High | jetty-jndi-9.4.51.v20230217 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-ajax-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-util-ajax-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-webapp-9.4.51.v20230217 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.7 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-io-9.4.51.v20230217 |
CVE-2022-22971 | Anchore CVE | Medium | spring-core-5.3.6 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-jdbc-9.0.71 |
GHSA-xqfj-vm6h-2x34 | Anchore CVE | High | commons-compress-1.20 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-client-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-continuation-9.4.51.v20230217 |
CVE-2023-28709 | Anchore CVE | High | tomcat-jdbc-9.0.71 |
GHSA-98wm-3w3q-mw94 | Anchore CVE | Medium | snakeyaml-1.27 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-servlets-9.4.51.v20230217 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.12 |
GHSA-599f-7c49-w659 | Anchore CVE | Critical | commons-text-1.9 |
CVE-2023-44487 | Anchore CVE | High | jetty-client-9.4.51.v20230217 |
GHSA-668q-qrv7-99fm | Anchore CVE | Medium | logback-core-1.2.3 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-security-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-servlet-9.4.51.v20230217 |
CVE-2023-26048 | Anchore CVE | Medium | jetty-setuid-java-1.0.4 |
CVE-2023-20860 | Anchore CVE | High | spring-core-5.3.6 |
GHSA-4jrv-ppp4-jm57 | Anchore CVE | High | gson-2.8.6 |
CVE-2023-36478 | Anchore CVE | High | jetty-xml-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-io-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-plus-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-util-ajax-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-client-9.4.51.v20230217 |
GHSA-vj49-j7rc-h54f | Anchore CVE | Medium | yamlbeans-1.11 |
CVE-2023-36478 | Anchore CVE | High | jetty-server-9.4.51.v20230217 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.11 |
GHSA-vj49-j7rc-h54f | Anchore CVE | Medium | yamlbeans-1.11 |
GHSA-493p-pfq6-5258 | Anchore CVE | High | json-smart-2.4.2 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-xml-9.4.51.v20230217 |
GHSA-jm7r-4pg6-gf26 | Anchore CVE | High | yamlbeans-1.11 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-annotations-9.4.51.v20230217 |
GHSA-w37g-rhq8-7m4j | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-fg3j-q579-v8x4 | Anchore CVE | Medium | pdfbox-2.0.21 |
CVE-2023-44487 | Anchore CVE | High | jetty-continuation-9.4.51.v20230217 |
CVE-2023-36478 | Anchore CVE | High | jetty-annotations-9.4.51.v20230217 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-29.0-jre |
GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.2 |
CVE-2023-36478 | Anchore CVE | High | jetty-plus-9.4.51.v20230217 |
CVE-2023-36478 | Anchore CVE | High | jetty-servlets-9.4.51.v20230217 |
GHSA-hhhw-99gj-p3c3 | Anchore CVE | Medium | snakeyaml-1.27 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-jndi-9.4.51.v20230217 |
GHSA-jm7r-4pg6-gf26 | Anchore CVE | High | yamlbeans-1.11 |
CVE-2023-36478 | Anchore CVE | High | jetty-io-9.4.51.v20230217 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-servlets-9.4.51.v20230217 |
GHSA-2h3j-m7gr-25xj | Anchore CVE | Medium | pdfbox-2.0.21 |
CVE-2023-20863 | Anchore CVE | Medium | spring-core-5.3.20 |
CVE-2023-36478 | Anchore CVE | High | jetty-client-9.4.51.v20230217 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-server-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-setuid-java-1.0.4 |
CVE-2023-36479 | Anchore CVE | Medium | jetty-webapp-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-util-ajax-9.4.51.v20230217 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-jdbc-9.0.71 |
CVE-2023-44487 | Anchore CVE | High | jetty-server-9.4.51.v20230217 |
CVE-2023-26049 | Anchore CVE | Medium | jetty-setuid-java-1.0.4 |
CVE-2023-36478 | Anchore CVE | High | jetty-util-9.4.51.v20230217 |
CVE-2023-36478 | Anchore CVE | High | jetty-webapp-9.4.51.v20230217 |
GHSA-3x8x-79m2-3w2w | Anchore CVE | High | jackson-databind-2.11.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-security-9.4.51.v20230217 |
CVE-2023-42794 | Anchore CVE | Medium | tomcat-jdbc-9.0.71 |
CVE-2023-20861 | Anchore CVE | Medium | spring-core-5.3.20 |
GHSA-c4r9-r8fh-9vj2 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-classic-1.2.3 |
GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.11.4 |
CVE-2023-40167 | Anchore CVE | Medium | jetty-webapp-9.4.51.v20230217 |
CVE-2023-41900 | Anchore CVE | Medium | jetty-server-9.4.51.v20230217 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.5 |
GHSA-c4r9-r8fh-9vj2 | Anchore CVE | Medium | snakeyaml-1.27 |
GHSA-vmq6-5m68-f53m | Anchore CVE | High | logback-core-1.2.3 |
GHSA-5mg8-w23w-74h3 | Anchore CVE | Low | guava-31.1-jre |
GHSA-7grw-6pjh-jpc9 | Anchore CVE | Medium | pdfbox-2.0.21 |
CVE-2022-22965 | Anchore CVE | Critical | spring-core-5.3.6 |
CVE-2023-35116 | Anchore CVE | Medium | jackson-databind-2.13.5 |
GHSA-vj49-j7rc-h54f | Anchore CVE | Medium | yamlbeans-1.11 |
CVE-2023-44487 | Anchore CVE | High | jetty-annotations-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | jetty-plus-9.4.51.v20230217 |
CVE-2023-44487 | Anchore CVE | High | tomcat-jdbc-9.0.71 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4265-ccf5-phj5 | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.21 |
GHSA-4g9r-vxhx-9pgx | Anchore CVE | High | commons-compress-1.20 |
GHSA-264p-99wq-f4j6 | Anchore CVE | High | ion-java-1.0.2 |
CVE-2023-44487 | Anchore CVE | High | tomcat-juli-9.0.71 |
GHSA-r38f-c4h4-hqq2 | Anchore CVE | High | postgresql-42.3.3 |
GHSA-558x-2xjg-6232 | Anchore CVE | Medium | spring-expression-5.3.6 |
CVE-2023-28708 | Anchore CVE | Medium | tomcat-juli-9.0.71 |
GHSA-hr8g-6v94-x4m9 | Anchore CVE | Medium | bcprov-ext-jdk15on-1.69 |
CVE-2023-42794 | Anchore CVE | Medium | tomcat-juli-9.0.71 |
GHSA-g5mm-vmx4-3rg7 | Anchore CVE | High | spring-context-5.3.6 |
CVE-2016-5425 | Anchore CVE | High | tomcat-juli-9.0.71 |
GHSA-rfmp-97jj-h8m6 | Anchore CVE | Medium | spring-core-5.3.6 |
GHSA-562r-vg33-8x8h | Anchore CVE | Medium | postgresql-42.3.3 |
GHSA-24rp-q3w6-vc56 | Anchore CVE | Critical | postgresql-42.3.3 |
GHSA-jjfh-589g-3hjx | Anchore CVE | Medium | spring-boot-2.6.8 |
GHSA-jjfh-589g-3hjx | Anchore CVE | Medium | spring-boot-2.4.5 |
CVE-2023-45648 | Anchore CVE | Medium | tomcat-juli-9.0.71 |
GHSA-564r-hj7v-mcr5 | Anchore CVE | Medium | spring-expression-5.3.6 |
GHSA-564r-hj7v-mcr5 | Anchore CVE | Medium | spring-expression-5.3.20 |
CVE-2016-6325 | Anchore CVE | High | tomcat-juli-9.0.71 |
GHSA-wxqc-pxw9-g2p8 | Anchore CVE | High | spring-expression-5.3.20 |
GHSA-wxqc-pxw9-g2p8 | Anchore CVE | High | spring-expression-5.3.6 |
CVE-2023-46589 | Anchore CVE | High | tomcat-juli-9.0.71 |
CVE-2023-28709 | Anchore CVE | High | tomcat-juli-9.0.71 |
GHSA-36p3-wjmg-h94x | Anchore CVE | Critical | spring-beans-5.3.6 |
CVE-2023-41080 | Anchore CVE | Medium | tomcat-juli-9.0.71 |
GHSA-wjxj-5m7g-mg7q | Anchore CVE | Medium | bcprov-ext-jdk15on-1.69 |
GHSA-jjfh-589g-3hjx | Anchore CVE | Medium | spring-boot-2.7.11 |
GHSA-hh26-6xwr-ggv7 | Anchore CVE | High | spring-beans-5.3.6 |
GHSA-6gf2-pvqw-37ph | Anchore CVE | Medium | spring-core-5.3.6 |
CVE-2023-42795 | Anchore CVE | Medium | tomcat-juli-9.0.71 |
CVE-2024-1597 | Twistlock CVE | Critical | org.postgresql_postgresql-42.3.3 |
CVE-2022-42889 | Twistlock CVE | Critical | org.apache.commons_commons-text-1.9 |
CVE-2022-0839 | Twistlock CVE | Critical | liquibase-core-4.4.2 |
CVE-2023-24621 | Twistlock CVE | High | com.esotericsoftware.yamlbeans_yamlbeans-1.11 |
CVE-2022-25647 | Twistlock CVE | High | com.google.code.gson_gson-2.8.6 |
CVE-2023-20863 | Twistlock CVE | High | spring-expression-5.3.20 |
CVE-2023-20863 | Twistlock CVE | High | spring-expression-5.3.6 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-2.4.2 |
CVE-2023-1370 | Twistlock CVE | High | net.minidev_json-smart-2.4.7 |
CVE-2022-22970 | Twistlock CVE | High | spring-beans-5.3.6 |
CVE-2022-22968 | Twistlock CVE | High | spring-context-5.3.6 |
CVE-2021-31684 | Twistlock CVE | High | net.minidev_json-smart-2.4.2 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.11 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.12 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-classic-1.2.3 |
CVE-2022-31197 | Twistlock CVE | High | org.postgresql_postgresql-42.3.3 |
CVE-2023-34055 | Twistlock CVE | Medium | spring-boot-2.6.8 |
CVE-2023-34055 | Twistlock CVE | Medium | spring-boot-2.4.5 |
CVE-2023-34055 | Twistlock CVE | Medium | spring-boot-2.7.11 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-expression-5.3.20 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-expression-5.3.6 |
CVE-2022-22950 | Twistlock CVE | Medium | spring-expression-5.3.6 |
CVE-2023-22899 | Twistlock CVE | Medium | net.lingala.zip4j_zip4j-2.11.1 |
CVE-2023-24620 | Twistlock CVE | Medium | com.esotericsoftware.yamlbeans_yamlbeans-1.11 |
CVE-2021-31812 | Twistlock CVE | Medium | org.apache.pdfbox_pdfbox-2.0.21 |
CVE-2021-31811 | Twistlock CVE | Medium | org.apache.pdfbox_pdfbox-2.0.21 |
CVE-2021-27906 | Twistlock CVE | Medium | org.apache.pdfbox_pdfbox-2.0.21 |
CVE-2021-27807 | Twistlock CVE | Medium | org.apache.pdfbox_pdfbox-2.0.21 |
CVE-2023-51074 | Twistlock CVE | Medium | json-path-2.6.0 |
CVE-2023-51074 | Twistlock CVE | Medium | json-path-2.7.0 |
CVE-2023-33201 | Twistlock CVE | Medium | org.bouncycastle_bcprov-ext-jdk15on-1.69 |
CVE-2022-41946 | Twistlock CVE | Medium | org.postgresql_postgresql-42.3.3 |
CVE-2023-33202 | Twistlock CVE | Medium | org.bouncycastle_bcprov-ext-jdk15on-1.69 |
CVE-2024-21634 | Twistlock CVE | High | software.amazon.ion_ion-java-1.0.2 |
CVE-2022-22965 | Twistlock CVE | Critical | spring-core-5.3.6 |
CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.27 |
CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.31 |
CVE-2021-22118 | Twistlock CVE | High | spring-core-5.3.6 |
CVE-2023-6481 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.12 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.3 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.11 |
CVE-2023-6378 | Twistlock CVE | High | ch.qos.logback_logback-core-1.2.12 |
CVE-2023-44487 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.51.v20230217 |
CVE-2023-36478 | Twistlock CVE | High | org.eclipse.jetty_jetty-io-9.4.51.v20230217 |
CVE-2023-20860 | Twistlock CVE | High | spring-core-5.3.20 |
CVE-2023-20860 | Twistlock CVE | High | spring-core-5.3.6 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.4 |
CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.4 |
CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.2 |
CVE-2022-25857 | Twistlock CVE | High | org.yaml_snakeyaml-1.27 |
CVE-2021-46877 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.11.4 |
CVE-2021-36090 | Twistlock CVE | High | org.apache.commons_commons-compress-1.20 |
CVE-2021-35517 | Twistlock CVE | High | org.apache.commons_commons-compress-1.20 |
CVE-2021-35516 | Twistlock CVE | High | org.apache.commons_commons-compress-1.20 |
CVE-2021-35515 | Twistlock CVE | High | org.apache.commons_commons-compress-1.20 |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.1-jre |
CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-29.0-jre |
CVE-2021-42550 | Twistlock CVE | Medium | ch.qos.logback_logback-core-1.2.3 |
CVE-2023-20863 | Twistlock CVE | Medium | spring-core-5.3.20 |
CVE-2023-20863 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-core-5.3.20 |
CVE-2023-20861 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2022-41854 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.31 |
CVE-2022-41854 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38752 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.31 |
CVE-2022-38752 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38751 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-38749 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2022-22971 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2022-22950 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2024-26308 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.21 |
CVE-2024-25710 | Twistlock CVE | Medium | org.apache.commons_commons-compress-1.20 |
CVE-2022-38750 | Twistlock CVE | Medium | org.yaml_snakeyaml-1.27 |
CVE-2023-40167 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.51.v20230217 |
CVE-2022-22970 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2022-22968 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2023-41900 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.51.v20230217 |
CVE-2023-36479 | Twistlock CVE | Medium | org.eclipse.jetty_jetty-io-9.4.51.v20230217 |
CVE-2021-22096 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2021-22060 | Twistlock CVE | Medium | spring-core-5.3.6 |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-31.1-jre |
CVE-2020-8908 | Twistlock CVE | Low | com.google.guava_guava-29.0-jre |
CVE-2022-22965 | Twistlock CVE | Critical | spring-beans-5.3.6 |
CVE-2024-34397 | Twistlock CVE | Medium | glib2-2.56.4-161.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=synopsys/seeker/seeker-sensor&tag=2024.2.0&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/seeker/seeker-sensor&tag=2023.3.0&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.