UNCLASSIFIED - NO CUI

Skip to content

chore(findings): virtualitics/predict/predict-backend

Summary

virtualitics/predict/predict-backend has 64 new findings discovered during continuous monitoring.

id source severity package
GHSA-j225-cvw7-qrx7 Anchore CVE Medium pycryptodome-3.17
GHSA-672h-6x89-76m5 Anchore CVE Medium Flask-Security-Too-5.2.0
CVE-2023-6135 Anchore CVE Medium nss-util-3.90.0-4.el8_9
CVE-2023-6135 Anchore CVE Medium nss-3.90.0-4.el8_9
GHSA-h5c8-rqwp-cp95 Anchore CVE Medium Jinja2-3.1.2
CVE-2023-43804 Anchore CVE Medium python3-urllib3-1.24.2-5.el8_9.2
CVE-2023-5455 Anchore CVE Medium libkadm5-1.18.2-26.el8_9
CVE-2023-6135 Anchore CVE Medium nss-softokn-3.90.0-4.el8_9
CVE-2023-5455 Anchore CVE Medium krb5-devel-1.18.2-26.el8_9
CVE-2023-6135 Anchore CVE Medium nss-softokn-freebl-3.90.0-4.el8_9
CVE-2023-5455 Anchore CVE Medium krb5-libs-1.18.2-26.el8_9
CVE-2023-6135 Anchore CVE Medium nss-sysinit-3.90.0-4.el8_9
CVE-2021-43618 Anchore CVE Medium gmp-1:6.1.2-10.el8
CVE-2024-0553 Anchore CVE Medium gnutls-3.6.16-8.el8_9
CVE-2023-36632 Anchore CVE Medium python3-libs-3.6.8-56.el8_9.3
CVE-2023-36632 Anchore CVE Medium platform-python-3.6.8-56.el8_9.3
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2024-22365 Anchore CVE Medium pam-1.3.1-27.el8
CVE-2023-32665 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2023-32611 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2023-29499 Anchore CVE Low glib2-2.56.4-161.el8
GHSA-3f63-hfp8-52jq Anchore CVE High Pillow-10.0.1
CVE-2024-0727 Anchore CVE Low openssl-devel-1:1.1.1k-12.el8_9
CVE-2024-0727 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2024-0727 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2020-15778 Anchore CVE Medium openssh-clients-8.0p1-19.el8_8
CVE-2020-15778 Anchore CVE Medium openssh-8.0p1-19.el8_8
CVE-2021-4209 Twistlock CVE Low gnutls-3.6.16-8.el8_9
CVE-2023-45322 Twistlock CVE Low libxml2-2.9.7-18.el8_9
CVE-2023-45322 Twistlock CVE Low python3-libxml2-2.9.7-18.el8_9
CVE-2020-12413 Twistlock CVE Low nss-softokn-freebl-3.90.0-4.el8_9
CVE-2020-12413 Twistlock CVE Low nss-softokn-3.90.0-4.el8_9
CVE-2020-12413 Twistlock CVE Low nss-3.90.0-4.el8_9
CVE-2020-12413 Twistlock CVE Low nss-sysinit-3.90.0-4.el8_9
CVE-2020-12413 Twistlock CVE Low nss-util-3.90.0-4.el8_9
CVE-2023-6135 Twistlock CVE Medium nss-softokn-freebl-3.90.0-4.el8_9
CVE-2023-6135 Twistlock CVE Medium nss-util-3.90.0-4.el8_9
CVE-2023-6135 Twistlock CVE Medium nss-sysinit-3.90.0-4.el8_9
CVE-2023-6135 Twistlock CVE Medium nss-softokn-3.90.0-4.el8_9
CVE-2023-6135 Twistlock CVE Medium nss-3.90.0-4.el8_9
CVE-2023-5455 Twistlock CVE Medium libkadm5-1.18.2-26.el8_9
CVE-2023-5455 Twistlock CVE Medium krb5-libs-1.18.2-26.el8_9
CVE-2023-5455 Twistlock CVE Medium krb5-devel-1.18.2-26.el8_9
CVE-2023-49438 Twistlock CVE Medium flask-security-too-5.2.0
CVE-2023-52323 Twistlock CVE Medium pycryptodome-3.17
CVE-2024-22195 Twistlock CVE Medium jinja2-3.1.2
CVE-2023-36632 Twistlock CVE Medium python3-libs-3.6.8-56.el8_9.3
CVE-2023-36632 Twistlock CVE Medium platform-python-3.6.8-56.el8_9.3
CVE-2024-0553 Twistlock CVE Medium gnutls-3.6.16-8.el8_9
CVE-2019-9674 Twistlock CVE Low python3-libs-3.6.8-56.el8_9.3
CVE-2019-9674 Twistlock CVE Low platform-python-3.6.8-56.el8_9.3
CVE-2019-19244 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2024-0232 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2019-9937 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2019-9936 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2024-22365 Twistlock CVE Medium pam-1.3.1-27.el8
CVE-2023-50447 Twistlock CVE High pillow-10.0.1
CVE-2024-0727 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-0727 Twistlock CVE Low openssl-devel-1.1.1k-12.el8_9
CVE-2024-0727 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2022-41409 Twistlock CVE Low pcre2-utf32-10.32-3.el8_6
CVE-2022-41409 Twistlock CVE Low pcre2-10.32-3.el8_6
CVE-2022-41409 Twistlock CVE Low pcre2-utf16-10.32-3.el8_6
CVE-2022-41409 Twistlock CVE Low pcre2-devel-10.32-3.el8_6

VAT: https://vat.dso.mil/vat/image?imageName=virtualitics/predict/predict-backend&tag=1.16.1.6&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=virtualitics/predict/predict-backend&tag=1.16.1.6&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI