UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/python/python-pipenv/python38-pipenv

Summary

opensource/python/python-pipenv/python38-pipenv has 52 new findings discovered during continuous monitoring.

Layer: opensource/python:v3.8 is EOL, please update if possible

Layer: redhat/ubi/ubi9-minimal:9.5 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/python/python-pipenv/python38-pipenv&tag=2024.4.1&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-1931 Twistlock CVE Medium unbound-1.16.2-17.el9 0.06753 false
CVE-2024-1931 Anchore CVE Medium unbound-libs-1.16.2-17.el9 0.06753 false
CVE-2024-56433 Anchore CVE Low shadow-utils-2:4.9-12.el9 0.04077 false
CVE-2024-33655 Twistlock CVE Low unbound-1.16.2-17.el9 0.01748 false
CVE-2024-33655 Anchore CVE Low unbound-libs-1.16.2-17.el9 0.01748 false
CVE-2024-0397 Twistlock CVE Low python3.9-3.9.21-2.el9 0.00393 false
CVE-2024-0397 Anchore CVE Low python-unversioned-command-3.9.21-2.el9 0.00393 false
CVE-2024-0397 Anchore CVE Low python3-3.9.21-2.el9 0.00393 false
CVE-2024-0397 Anchore CVE Low python3-libs-3.9.21-2.el9 0.00393 false
CVE-2021-23336 Twistlock CVE Medium python3.9-3.9.21-2.el9 0.00348 N/A
CVE-2021-23336 Anchore CVE Medium python3-3.9.21-2.el9 0.00348 N/A
CVE-2021-23336 Anchore CVE Medium python3-libs-3.9.21-2.el9 0.00348 N/A
CVE-2021-23336 Anchore CVE Medium python-unversioned-command-3.9.21-2.el9 0.00348 N/A
CVE-2024-52533 Twistlock CVE Medium glib2-2.68.4-16.el9 0.00336 false
CVE-2024-52533 Anchore CVE Medium glib2-2.68.4-16.el9 0.00336 false
CVE-2024-7592 Twistlock CVE Low python3.9-3.9.21-2.el9 0.00255 false
CVE-2024-7592 Anchore CVE Low python3-libs-3.9.21-2.el9 0.00255 false
CVE-2024-7592 Anchore CVE Low python-unversioned-command-3.9.21-2.el9 0.00255 false
CVE-2024-7592 Anchore CVE Low python3-3.9.21-2.el9 0.00255 false
CVE-2022-4899 Twistlock CVE Medium zstd-1.5.5-1.el9 0.00211 false
CVE-2022-4899 Anchore CVE Medium libzstd-1.5.5-1.el9 0.00211 false
CVE-2023-32636 Twistlock CVE Low glib2-2.68.4-16.el9 0.00179 false
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-16.el9 0.00179 false
CVE-2025-1795 Twistlock CVE Low python3.9-3.9.21-2.el9 0.00167 false
CVE-2025-1795 Anchore CVE Low python3-3.9.21-2.el9 0.00167 false
CVE-2025-1795 Anchore CVE Low python3-libs-3.9.21-2.el9 0.00167 false
CVE-2025-1795 Anchore CVE Low python-unversioned-command-3.9.21-2.el9 0.00167 false
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.13-9.el9_6 0.00139 false
CVE-2024-34459 Anchore CVE Low libxml2-2.9.13-9.el9_6 0.00139 false
CVE-2023-2953 Twistlock CVE Low openldap-2.6.8-4.el9 0.00099 false
CVE-2023-2953 Anchore CVE Low openldap-2.6.8-4.el9 0.00099 false
CVE-2025-3360 Twistlock CVE Low glib2-2.68.4-16.el9 0.00090 false
CVE-2025-3360 Anchore CVE Low glib2-2.68.4-16.el9 0.00090 false
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-9.el9_6 0.00076 false
CVE-2025-4373 Twistlock CVE Medium glib2-2.68.4-16.el9 0.00051 false
CVE-2025-4373 Anchore CVE Medium glib2-2.68.4-16.el9 0.00051 false
CVE-2025-27113 Twistlock CVE Low libxml2-2.9.13-9.el9_6 0.00050 false
CVE-2025-27113 Anchore CVE Low libxml2-2.9.13-9.el9_6 0.00050 false
CVE-2024-43167 Twistlock CVE Low unbound-1.16.2-17.el9 0.00039 false
CVE-2024-43167 Anchore CVE Low unbound-libs-1.16.2-17.el9 0.00039 false
CVE-2024-43168 Twistlock CVE Low unbound-1.16.2-17.el9 0.00028 false
CVE-2024-43168 Anchore CVE Low unbound-libs-1.16.2-17.el9 0.00028 false
CVE-2025-32415 Twistlock CVE Low libxml2-2.9.13-9.el9_6 0.00019 false
CVE-2025-32415 Anchore CVE Low libxml2-2.9.13-9.el9_6 0.00019 false
CVE-2021-3997 Twistlock CVE Medium systemd-252-51.el9 0.00016 N/A
CVE-2021-3997 Anchore CVE Medium systemd-libs-252-51.el9 0.00016 N/A
CVE-2025-32414 Twistlock CVE Medium libxml2-2.9.13-9.el9_6 0.00015 false
CVE-2025-32414 Anchore CVE Medium libxml2-2.9.13-9.el9_6 0.00015 false
CVE-2025-4516 Anchore CVE Low python-3.8.20 0.00014 false
CVE-2025-4516 Anchore CVE Low python-3.8.20 0.00014 false
CVE-2025-3576 Twistlock CVE Medium krb5-1.21.1-6.el9 0.00010 false
CVE-2025-3576 Anchore CVE Medium krb5-libs-1.21.1-6.el9 0.00010 false

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/python/python-pipenv/python38-pipenv&tag=2024.4.1&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI