chore(findings): virtualitics/platform/persistence
Summary
virtualitics/platform/persistence has 22 new findings discovered during continuous monitoring.
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=virtualitics/platform/persistence&tag=1.22.0.9&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
| id | source | severity | package | impact | workaround | epss_score | kev |
|---|---|---|---|---|---|---|---|
| CVE-2025-1795 | Anchore CVE | Low | python3.11-libs-3.11.11-2.el9_6.2 | | | 0.00236 | false |
| CVE-2025-1795 | Anchore CVE | Low | python3.11-3.11.11-2.el9_6.2 | | | 0.00236 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python3.11-libs-3.11.11-2.el9_6.2 | | | 0.00116 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python3.11-3.11.11-2.el9_6.2 | | | 0.00116 | false |
| CVE-2025-8291 | Anchore CVE | Medium | python3.11-3.11.11-2.el9_6.2 | | | 0.00073 | false |
| CVE-2025-8291 | Anchore CVE | Medium | python3.11-libs-3.11.11-2.el9_6.2 | | | 0.00073 | false |
| CVE-2025-8291 | Twistlock CVE | Medium | python3.11-3.11.11-2.el9_6.2 | | | 0.00073 | false |
| CVE-2025-54121 | Twistlock CVE | Medium | starlette-0.40.0 | It's a rare case. | Check the commit that fixes the issue and patch yourself. | 0.00067 | false |
| CVE-2025-50181 | Twistlock CVE | Medium | urllib3-2.2.2 | Most users don't disable redirects on the PoolManager. | Set redirectsFalseredirects0 on the .request call instead of on the top-level urllib3.PoolManager | 0.00023 | false |
| CVE-2025-50181 | Anchore CVE | Medium | python3.11-pip-wheel-22.3.1-5.el9 | | | 0.00023 | false |
| CVE-2025-50181 | Anchore CVE | Medium | python3-pip-21.3.1-1.el9 | | | 0.00023 | false |
| CVE-2025-8869 | Twistlock CVE | Medium | pip-21.3.1 | | | 0.00018 | false |
| CVE-2025-50182 | Twistlock CVE | Medium | urllib3-2.2.2 | Pyodide is extremely rare configuration for users in production. | | 0.00014 | false |
| CVE-2025-50182 | Anchore CVE | Medium | python3.11-pip-wheel-22.3.1-5.el9 | | | 0.00014 | false |
| CVE-2025-50182 | Anchore CVE | Medium | python3-pip-21.3.1-1.el9 | | | 0.00014 | false |
| CVE-2025-4516 | Anchore CVE | Medium | python3.11-libs-3.11.11-2.el9_6.2 | | | 0.00013 | false |
| CVE-2025-4516 | Anchore CVE | Medium | python3.11-3.11.11-2.el9_6.2 | | | 0.00013 | false |
| CVE-2025-62727 | Twistlock CVE | High | starlette-0.40.0 | It's only an issue if you serve files. | You need to create your own FileResponse class inheriting from FileResponse, and change the HTTP range parsing logic. | N/A | false |
| GHSA-pq67-6m6q-mj2v | Anchore CVE | Medium | urllib3-2.2.2 | | | N/A | N/A |
| GHSA-7f5h-v6xp-fcq8 | Anchore CVE | High | starlette-0.40.0 | | | N/A | N/A |
| GHSA-48p4-8xcf-vxj5 | Anchore CVE | Medium | urllib3-2.2.2 | | | N/A | N/A |
| GHSA-2c2j-9gv5-cj73 | Anchore CVE | Medium | starlette-0.40.0 | | | N/A | N/A |
Tasks
Contributor:
- Apply the StatusReview label to this issue for a merge request review and wait for feedback
OR
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.