chore(findings): virtualitics/predict/predict-project-afnwc
Summary
virtualitics/predict/predict-project-afnwc has 61 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-45c4-8wx5-qw6w | Anchore CVE | Medium | aiohttp-3.8.3 |
GHSA-mrwq-x4v8-fh7p | Anchore CVE | Medium | Pygments-2.13.0 |
GHSA-xqr8-7jwr-rhp7 | Anchore CVE | High | certifi-2022.12.7 |
GHSA-jm77-qphf-c4w8 | Anchore CVE | Low | cryptography-39.0.1 |
GHSA-qppv-j76h-2rpx | Anchore CVE | Medium | tornado-6.2 |
CVE-2023-31486 | Anchore CVE | Medium | perl-HTTP-Tiny-0.074-1.el8 |
CVE-2023-3446 | Anchore CVE | Low | openssl-devel-1:1.1.1k-9.el8_7 |
CVE-2023-3817 | Anchore CVE | Low | openssl-devel-1:1.1.1k-9.el8_7 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-gconv-extra-2.28-225.el8 |
CVE-2023-3817 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-3446 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
CVE-2022-48564 | Anchore CVE | Medium | python-3.8.16 |
CVE-2022-48560 | Anchore CVE | High | python-3.8.16 |
CVE-2020-19187 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19190 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2022-48564 | Anchore CVE | Medium | python-3.8.16 |
CVE-2020-19189 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19188 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19185 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2022-48560 | Anchore CVE | High | python-3.8.16 |
CVE-2020-22916 | Anchore CVE | Low | xz-devel-5.2.4-4.el8_6 |
CVE-2020-19186 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
GHSA-xjw2-6jm9-rf67 | Anchore CVE | High | RestrictedPython-6.0 |
CVE-2023-39615 | Anchore CVE | Medium | libxml2-devel-2.9.7-16.el8_8.1 |
CVE-2022-48566 | Anchore CVE | High | python-3.8.16 |
CVE-2023-40217 | Anchore CVE | Medium | python-3.8.16 |
CVE-2022-48566 | Anchore CVE | High | python-3.8.16 |
CVE-2022-48565 | Anchore CVE | Critical | python-3.8.16 |
CVE-2023-40217 | Anchore CVE | Medium | python-3.8.16 |
CVE-2022-48565 | Anchore CVE | Critical | python-3.8.16 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-gconv-extra-2.28-225.el8 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-gconv-extra-2.28-225.el8 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4039 | Anchore CVE | Medium | libstdc++-devel-8.5.0-18.el8 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-gconv-extra-2.28-225.el8 |
CVE-2023-37276 | Twistlock CVE | Medium | aiohttp-3.8.3 |
CVE-2022-40896 | Twistlock CVE | Medium | pygments-2.13.0 |
CVE-2023-3446 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-3446 | Twistlock CVE | Low | openssl-devel-1.1.1k-9.el8_7 |
CVE-2023-37920 | Twistlock CVE | Critical | certifi-2022.12.7 |
CVE-2023-3817 | Twistlock CVE | Low | openssl-devel-1.1.1k-9.el8_7 |
CVE-2023-3817 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
GHSA-jm77-qphf-c4w8 | Twistlock CVE | Low | cryptography-39.0.1 |
CVE-2023-31486 | Twistlock CVE | Medium | perl-HTTP-Tiny-0.074-1.el8 |
GHSA-qppv-j76h-2rpx | Twistlock CVE | Medium | tornado-6.2 |
CVE-2020-19190 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19189 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19188 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19187 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19186 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2020-19185 | Twistlock CVE | Medium | ncurses-6.1-9.20180224.el8 |
PRISMA-2023-0033 | Twistlock CVE | Medium | pygments-2.13.0 |
CVE-2020-22916 | Twistlock CVE | Low | xz-devel-5.2.4-4.el8_6 |
CVE-2023-41039 | Twistlock CVE | High | restrictedpython-6.0 |
CVE-2023-4527 | Twistlock CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4813 | Twistlock CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4806 | Twistlock CVE | Medium | glibc-langpack-en-2.28-225.el8 |
CVE-2023-4039 | Twistlock CVE | Medium | libstdc++-devel-8.5.0-18.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=virtualitics/predict/predict-project-afnwc&tag=1.14.1-beta-2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=virtualitics/predict/predict-project-afnwc&tag=1.14.1-beta-2&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.