chore(findings): unstructured-api/unstructured-api
Summary
unstructured-api/unstructured-api has 232 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
993f1cd59a73c18907c6c14ab0ed8b7d | Anchore Compliance | Critical | |
CVE-2023-47038 | Anchore CVE | Medium | perl-B-0:1.80-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-mro-0:1.23-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-File-Compare-0:1.100.600-480.el9 |
CVE-2022-37050 | Anchore CVE | Medium | poppler-utils-21.01.0-18.el9 |
GHSA-44wm-f244-xhp3 | Anchore CVE | Medium | pillow-10.2.0 |
CVE-2023-38472 | Anchore CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38469 | Anchore CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2021-29390 | Anchore CVE | Medium | libjpeg-turbo-2.0.90-6.el9_1 |
GHSA-v845-jxx5-vc9f | Anchore CVE | Medium | urllib3-1.26.8 |
CVE-2023-47038 | Anchore CVE | Medium | perl-File-Basename-0:2.85-480.el9 |
CVE-2023-27043 | Anchore CVE | Medium | python3.11-3.11.5-1.el9_3 |
CVE-2023-47038 | Anchore CVE | Medium | perl-IPC-Open3-0:1.21-480.el9 |
CVE-2023-25193 | Anchore CVE | Medium | harfbuzz-2.7.4-8.el9 |
CVE-2023-43787 | Anchore CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-File-Find-0:1.37-480.el9 |
CVE-2023-6228 | Anchore CVE | Low | libtiff-4.4.0-10.el9 |
CVE-2023-43786 | Anchore CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2021-4217 | Anchore CVE | Low | unzip-6.0-56.el9 |
CVE-2023-43787 | Anchore CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-overloading-0:0.02-480.el9 |
CVE-2022-38784 | Anchore CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2023-40745 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-Symbol-0:1.08-480.el9 |
CVE-2023-25433 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-38473 | Anchore CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-Getopt-Std-0:1.12-480.el9 |
CVE-2023-43787 | Anchore CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-vars-0:1.05-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-DynaLoader-0:1.47-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-AutoLoader-0:5.74-480.el9 |
CVE-2017-6519 | Anchore CVE | Low | avahi-libs-0.8-15.el9 |
GHSA-g4mx-q9vg-27p4 | Anchore CVE | Medium | urllib3-1.26.8 |
CVE-2023-47038 | Anchore CVE | Medium | perl-IO-0:1.43-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-libs-4:5.32.1-480.el9 |
CVE-2023-41175 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-43785 | Anchore CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-overload-0:1.31-480.el9 |
CVE-2022-37052 | Anchore CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2023-43786 | Anchore CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-43785 | Anchore CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-File-stat-0:1.09-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-SelectSaver-0:1.02-480.el9 |
CVE-2022-37052 | Anchore CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-NDBM_File-0:1.15-480.el9 |
CVE-2022-37050 | Anchore CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2023-43786 | Anchore CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-interpreter-4:5.32.1-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-FileHandle-0:2.03-480.el9 |
CVE-2023-43785 | Anchore CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-3618 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2017-1000383 | Anchore CVE | Low | emacs-filesystem-1:27.2-9.el9 |
CVE-2023-27043 | Anchore CVE | Medium | python3.11-libs-3.11.5-1.el9_3 |
CVE-2023-25434 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-subs-0:1.03-480.el9 |
CVE-2022-40090 | Anchore CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-base-0:2.27-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-File-Copy-0:2.34-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-Fcntl-0:1.13-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-if-0:0.60.800-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-Class-Struct-0:0.66-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-POSIX-0:1.94-480.el9 |
CVE-2023-47038 | Anchore CVE | Medium | perl-Errno-0:1.30-480.el9 |
CVE-2022-38784 | Anchore CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2023-38470 | Anchore CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38471 | Anchore CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-6597 | Anchore CVE | High | python3.11-libs-3.11.5-1.el9_3 |
CVE-2022-33068 | Anchore CVE | Medium | java-11-openjdk-headless-1:11.0.23.0.9-3.el9 |
CVE-2024-33602 | Anchore CVE | Low | glibc-gconv-extra-2.34-83.el9_3.12 |
GHSA-jjg7-2v4v-x38h | Anchore CVE | Medium | idna-3.6 |
CVE-2024-33599 | Anchore CVE | High | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2023-48161 | Anchore CVE | Medium | java-11-openjdk-headless-1:11.0.23.0.9-3.el9 |
CVE-2024-0450 | Anchore CVE | Medium | python3.11-libs-3.11.5-1.el9_3 |
CVE-2024-0450 | Anchore CVE | Medium | python3.11-3.11.5-1.el9_3 |
GHSA-37q5-v5qm-c9v8 | Anchore CVE | Low | transformers-4.37.1 |
CVE-2023-6597 | Anchore CVE | High | python3.11-3.11.5-1.el9_3 |
CVE-2024-33601 | Anchore CVE | Low | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-33600 | Anchore CVE | Medium | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-2961 | Anchore CVE | High | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2023-2004 | Anchore CVE | Low | java-11-openjdk-headless-1:11.0.23.0.9-3.el9 |
CCE-83637-9 | OSCAP Compliance | Medium | |
CCE-90801-2 | OSCAP Compliance | Medium | |
CCE-90808-7 | OSCAP Compliance | Medium | |
CCE-90798-0 | OSCAP Compliance | Medium | |
CCE-90807-9 | OSCAP Compliance | Medium | |
CCE-90815-2 | OSCAP Compliance | Medium | |
CCE-90805-3 | OSCAP Compliance | Medium | |
CCE-88822-2 | OSCAP Compliance | Medium | |
CVE-2024-28834 | OSCAP Compliance | Medium | |
CVE-2024-28835 | OSCAP Compliance | Medium | |
CVE-2023-38469 | OSCAP Compliance | Medium | |
CVE-2023-38470 | OSCAP Compliance | Medium | |
CVE-2023-38471 | OSCAP Compliance | Medium | |
CVE-2023-38472 | OSCAP Compliance | Medium | |
CVE-2023-38473 | OSCAP Compliance | Medium | |
CVE-2023-25193 | OSCAP Compliance | Medium | |
CVE-2021-29390 | OSCAP Compliance | Medium | |
CVE-2023-27043 | OSCAP Compliance | Medium | |
CVE-2022-40090 | OSCAP Compliance | Medium | |
CVE-2023-3618 | OSCAP Compliance | Medium | |
CVE-2023-40745 | OSCAP Compliance | Medium | |
CVE-2023-41175 | OSCAP Compliance | Medium | |
CVE-2023-6228 | OSCAP Compliance | Medium | |
CVE-2023-47038 | OSCAP Compliance | Medium | |
CVE-2023-43785 | OSCAP Compliance | Medium | |
CVE-2023-43786 | OSCAP Compliance | Medium | |
CVE-2023-43787 | OSCAP Compliance | Medium | |
CVE-2021-31535 | Twistlock CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2021-31535 | Twistlock CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2021-31535 | Twistlock CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-43787 | Twistlock CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-43787 | Twistlock CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-43787 | Twistlock CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-52356 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-52355 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-36632 | Twistlock CVE | Medium | python3.11-libs-3.11.5-1.el9_3 |
CVE-2023-36632 | Twistlock CVE | Medium | python3.11-3.11.5-1.el9_3 |
CVE-2023-25193 | Twistlock CVE | Medium | harfbuzz-2.7.4-8.el9 |
CVE-2017-17973 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2021-29390 | Twistlock CVE | Medium | libjpeg-turbo-2.0.90-6.el9_1 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-8.7p1-34.el9_3.3 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-server-8.7p1-34.el9_3.3 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-clients-8.7p1-34.el9_3.3 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-B-1.80-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-SelectSaver-1.02-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-File-stat-1.09-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-Getopt-Std-1.12-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-Fcntl-1.13-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-FileHandle-2.03-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-if-0.60.800-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-DynaLoader-1.47-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-IPC-Open3-1.21-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-interpreter-5.32.1-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-Errno-1.30-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-IO-1.43-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-File-Compare-1.100.600-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-vars-1.05-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-subs-1.03-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-Symbol-1.08-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-libs-5.32.1-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-base-2.27-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-overloading-0.02-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-NDBM_File-1.15-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-File-Find-1.37-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-overload-1.31-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-AutoLoader-5.74-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-File-Basename-2.85-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-POSIX-1.94-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-mro-1.23-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-Class-Struct-0.66-480.el9 |
CVE-2023-47038 | Twistlock CVE | Medium | perl-File-Copy-2.34-480.el9 |
CVE-2023-4504 | Twistlock CVE | Medium | cups-libs-2.3.3op2-21.el9 |
CVE-2023-6277 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-43785 | Twistlock CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-43785 | Twistlock CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-43785 | Twistlock CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-41175 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-40745 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-3618 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2022-40090 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2022-37051 | Twistlock CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2022-37051 | Twistlock CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2022-37050 | Twistlock CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2022-37050 | Twistlock CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2023-38473 | Twistlock CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38472 | Twistlock CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38471 | Twistlock CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38470 | Twistlock CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-38469 | Twistlock CVE | Medium | avahi-libs-0.8-15.el9 |
CVE-2023-43786 | Twistlock CVE | Medium | libX11-common-1.7.0-8.el9 |
CVE-2023-43786 | Twistlock CVE | Medium | libX11-xcb-1.7.0-8.el9 |
CVE-2023-43786 | Twistlock CVE | Medium | libX11-1.7.0-8.el9 |
CVE-2023-3164 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-25435 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-25434 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2023-25433 | Twistlock CVE | Medium | libtiff-4.4.0-10.el9 |
CVE-2022-40896 | Twistlock CVE | Medium | python3.11-pip-wheel-22.3.1-4.el9_3.1 |
CVE-2020-36024 | Twistlock CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2020-36024 | Twistlock CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2020-36023 | Twistlock CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2020-36023 | Twistlock CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2023-27043 | Twistlock CVE | Medium | python3.11-libs-3.11.5-1.el9_3 |
CVE-2023-27043 | Twistlock CVE | Medium | python3.11-3.11.5-1.el9_3 |
CVE-2023-50495 | Twistlock CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2023-1916 | Twistlock CVE | Low | libtiff-4.4.0-10.el9 |
CVE-2022-29458 | Twistlock CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2016-20012 | Twistlock CVE | Low | openssh-8.7p1-34.el9_3.3 |
CVE-2016-20012 | Twistlock CVE | Low | openssh-clients-8.7p1-34.el9_3.3 |
CVE-2016-20012 | Twistlock CVE | Low | openssh-server-8.7p1-34.el9_3.3 |
CVE-2017-6519 | Twistlock CVE | Low | avahi-libs-0.8-15.el9 |
CVE-2023-6228 | Twistlock CVE | Low | libtiff-4.4.0-10.el9 |
CVE-2022-3857 | Twistlock CVE | Low | libpng-1.6.37-12.el9 |
CVE-2022-1056 | Twistlock CVE | Low | libtiff-4.4.0-10.el9 |
CVE-2022-0530 | Twistlock CVE | Low | unzip-6.0-56.el9 |
CVE-2022-0529 | Twistlock CVE | Low | unzip-6.0-56.el9 |
CVE-2017-1000383 | Twistlock CVE | Low | emacs-filesystem-27.2-9.el9 |
CVE-2021-4217 | Twistlock CVE | Low | unzip-6.0-56.el9 |
CVE-2017-16232 | Twistlock CVE | Low | libtiff-4.4.0-10.el9 |
CVE-2021-25317 | Twistlock CVE | Low | cups-libs-2.3.3op2-21.el9 |
CVE-2024-2961 | Twistlock CVE | Critical | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2023-48161 | Twistlock CVE | Medium | java-11-openjdk-headless-11.0.23.0.9-3.el9 |
CVE-2024-28219 | Twistlock CVE | Medium | pillow-10.2.0 |
CVE-2022-33068 | Twistlock CVE | Medium | java-11-openjdk-headless-11.0.23.0.9-3.el9 |
CVE-2022-3857 | Twistlock CVE | Low | java-11-openjdk-headless-11.0.23.0.9-3.el9 |
CVE-2024-3568 | Twistlock CVE | Low | transformers-4.37.1 |
CVE-2023-6597 | Twistlock CVE | Critical | python3.11-3.11.5-1.el9_3 |
CVE-2023-6597 | Twistlock CVE | Critical | python3.11-libs-3.11.5-1.el9_3 |
CVE-2023-6597 | Twistlock CVE | Critical | python3-3.9.18-1.el9_3.1 |
CVE-2023-6597 | Twistlock CVE | Critical | python3-libs-3.9.18-1.el9_3.1 |
CVE-2024-33599 | Twistlock CVE | Critical | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-33599 | Twistlock CVE | Critical | glibc-2.34-83.el9_3.12 |
CVE-2024-33599 | Twistlock CVE | Critical | glibc-minimal-langpack-2.34-83.el9_3.12 |
CVE-2024-33599 | Twistlock CVE | Critical | glibc-common-2.34-83.el9_3.12 |
CVE-2022-37052 | Twistlock CVE | Medium | poppler-utils-21.01.0-18.el9 |
CVE-2022-37052 | Twistlock CVE | Medium | poppler-21.01.0-18.el9 |
CVE-2024-0450 | Twistlock CVE | Medium | python3-libs-3.9.18-1.el9_3.1 |
CVE-2024-0450 | Twistlock CVE | Medium | python3.11-3.11.5-1.el9_3 |
CVE-2024-0450 | Twistlock CVE | Medium | python3.11-libs-3.11.5-1.el9_3 |
CVE-2024-0450 | Twistlock CVE | Medium | python3-3.9.18-1.el9_3.1 |
CVE-2024-33600 | Twistlock CVE | Medium | glibc-2.34-83.el9_3.12 |
CVE-2024-33600 | Twistlock CVE | Medium | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-33600 | Twistlock CVE | Medium | glibc-minimal-langpack-2.34-83.el9_3.12 |
CVE-2024-33600 | Twistlock CVE | Medium | glibc-common-2.34-83.el9_3.12 |
CVE-2023-45803 | Twistlock CVE | Medium | python3-pip-wheel-21.2.3-7.el9_3.1 |
CVE-2024-33602 | Twistlock CVE | Low | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-33602 | Twistlock CVE | Low | glibc-minimal-langpack-2.34-83.el9_3.12 |
CVE-2024-33602 | Twistlock CVE | Low | glibc-2.34-83.el9_3.12 |
CVE-2024-33602 | Twistlock CVE | Low | glibc-common-2.34-83.el9_3.12 |
CVE-2024-33601 | Twistlock CVE | Low | glibc-minimal-langpack-2.34-83.el9_3.12 |
CVE-2024-33601 | Twistlock CVE | Low | glibc-2.34-83.el9_3.12 |
CVE-2024-33601 | Twistlock CVE | Low | glibc-gconv-extra-2.34-83.el9_3.12 |
CVE-2024-33601 | Twistlock CVE | Low | glibc-common-2.34-83.el9_3.12 |
VAT: https://vat.dso.mil/vat/image?imageName=unstructured-api/unstructured-api&tag=0.0.65.2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=unstructured-api/unstructured-api&tag=0.0.58&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.