Twistlock Scan Findings #212

Closed
shshashwat opened this issue Jul 29, 2021 · 0 comments · Fixed by #211

Problem description
A few critical and high CVEs are reported in the schema-registry Twistlock report. The components need to be upgraded to the fixed versions provided.

| S.No. | Package | CVE ID | Package version | Fixed version |
|---|---|---|---|---|
| 1 | oniguruma | CVE-2020-26159 | 6.9.4-r0 | 6.9.4-r1 |
| 2 | oniguruma | CVE-2019-19204 | 6.9.4-r0 | 6.9.5-r2 |
| 3 | oniguruma | CVE-2019-19012 | 6.9.4-r0 | 6.9.5-r2 |
| 4 | oniguruma | CVE-2019-19203 | 6.9.4-r0 | 6.9.5-r2 |
| 5 | libx11 | CVE-2020-14363 | 1.6.7-r0 | 1.6.12-r0 |
| 6 | libbsd | CVE-2019-20367 | 0.8.6-r2 | 0.10.0-r0 |
| 7 | sqlite-libs | CVE-2019-5018 | 3.26.0-r3 | 3.28.0-r0 |
| 8 | sqlite-libs | CVE-2019-8457 | 3.26.0-r3 | 3.28.0-r0 |
| 9 | sqlite-libs | CVE-2020-11655 | 3.26.0-r3 | 3.28.0-r3 |
| 10 | sqlite-libs | CVE-2019-19646 | 3.26.0-r3 | 3.32.1-r0 |
| 11 | sqlite-libs | CVE-2020-11656 | 3.26.0-r3 | 3.32.1-r0 |
| 12 | sqlite-libs | CVE-2020-13630 | 3.26.0-r3 | 3.32.1-r0 |
| 13 | sqlite-libs | CVE-2019-19244 | 3.26.0-r3 | 3.28.0-r2 |
| 14 | libbz2 | CVE-2019-12900 | 1.0.6-r6 | 1.0.6-r7 |
| 15 | libssl1.1,libcrypto1.1 | CVE-2020-1967 | 1.1.1b-r1 | 1.1.1g-r0 |
| 16 | libstdc++,libgcc | CVE-2019-15847 | 8.3.0-r0 | 9.3.0-r0 |
| 17 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-10672 | 2.9.8 | 2.9.10.4 |
| 18 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-10673 | 2.9.8 | 2.9.10.4 |
| 19 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-20330 | 2.9.8 | 2.9.10.2 |
| 20 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-10968 | 2.9.8 | 2.9.10.4 |
| 21 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-10969 | 2.9.8 | 2.9.10.4 |
| 22 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-11111 | 2.9.8 | 2.9.10.4 |
| 23 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-11112 | 2.9.8 | 2.9.10.4 |
| 24 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-11113 | 2.9.8 | 2.9.10.4 |
| 25 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-17531 | 2.9.8 | 2.9.10.1 or 2.8.11.5 or 2.6.7.3 or 2.10.0 or later |
| 26 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-17267 | 2.9.8 | 2.9.10 |
| 27 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-16943 | 2.9.8 | 2.9.10.1 or 2.8.11.5 or 2.6.7.3 or 2.10.0 or later |
| 28 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-16942 | 2.9.8 | 2.9.10.1 or 2.8.11.5 or 2.6.7.3 or 2.10.0 or later |
| 29 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-16335 | 2.9.8 | 2.9.10 |
| 30 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-8840 | 2.9.8 | 2.9.10.1 or 2.8.11.5 or 2.6.7.3 or 2.10.0 or later |
| 31 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-9546 | 2.9.8 | 2.9.10.4 |
| 32 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-9547 | 2.9.8 | 2.9.10.4 |
| 33 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-9548 | 2.9.8 | 2.9.10.4 |
| 34 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-14540 | 2.9.8 | 2.9.10 |
| 35 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-14060 | 2.9.8 | 2.9.10.5 |
| 36 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-14061 | 2.9.8 | 2.9.10.5 |
| 37 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-14062 | 2.9.8 | 2.9.10.5 |
| 38 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-14195 | 2.9.8 | 2.9.10.5 |
| 39 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-24616 | 2.9.8 | 2.9.10.6 |
| 40 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-24750 | 2.9.8 | 2.9.10.6 |
| 41 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-11620 | 2.9.8 | 2.9.10.4 |
| 42 | com.fasterxml.jackson.core_jackson-databind | CVE-2020-11619 | 2.9.8 | 2.9.10.4 |
| 43 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-14439 | 2.9.8 | 2.9.9.2 |
| 44 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-14892 | 2.9.8 | 2.9.10, 2.8.11.5, 2.6.7.3 |
| 45 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-12086 | 2.9.8 | 2.9.9 |
| 46 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-14379 | 2.9.8 | 2.9.9.2 |
| 47 | com.fasterxml.jackson.core_jackson-databind | CVE-2019-14893 | 2.9.8 | 2.10.0, 2.9.10 |
| 48 | org.yaml_snakeyaml | CVE-2017-18640 | 1.23 | 1.26 |
| 49 | io.netty_netty-codec | CVE-2019-20445 | 4.1.36.Final | 4.1.44 |
| 50 | io.netty_netty-codec | CVE-2019-20444 | 4.1.36.Final | 4.1.44 |
| 51 | io.netty_netty-codec | CVE-2020-11612 | 4.1.36.Final | 4.1.46 |
| 52 | io.netty_netty-codec | CVE-2019-16869 | 4.1.36.Final | 4.1.42.Final |
| 53 | log4j_log4j | CVE-2019-17571 | 1.2.17 | log4j 2.8.2 |
| 54 | org.apache.zookeeper_zookeeper | CVE-2018-8012 | 3.5.3 | 3.4.10 |
| 55 | org.keycloak_keycloak-core | CVE-2020-1714 | 6.0.1 | 11.0.0 |
| 56 | org.keycloak_keycloak-core | CVE-2020-1718 | 6.0.1 | 8.0.0 |
| 57 | org.keycloak_keycloak-core | CVE-2020-1731 | 6.0.1 | 8.0.2 |
| 58 | org.keycloak_keycloak-core | CVE-2019-10169 | 6.0.1 | 8.0.0 |
| 59 | org.keycloak_keycloak-core | CVE-2019-10170 | 6.0.1 | 8.0.0 |
| 60 | org.keycloak_keycloak-core | CVE-2019-10199 | 6.0.1 | 7.0.0 |
| 61 | org.keycloak_keycloak-core | CVE-2019-10201 | 6.0.1 | 7.0.0 |
| 62 | org.keycloak_keycloak-core | CVE-2019-14832 | 6.0.1 | 7.0.1 |
| 63 | org.keycloak_keycloak-core | CVE-2019-14837 | 6.0.1 | 8.0.0 |
| 64 | org.keycloak_keycloak-core | CVE-2020-10758 | 6.0.1 | 11.0.1 |
| 65 | org.apache.commons_commons-compress | CVE-2019-12402 | 1.18 | 1.19 or later |
| 66 | data mapper for jackson json processor_jackson-mapper-asl | CVE-2019-10172 | 1.9.13 | |

Suggestions for an improvement

Upgrade the library dependencies to the suggested versions so that nothing else breaks.
