Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code
TrueChartsClone/charts/stable/booksonic-air/security.md

123 lines
90 KiB
Markdown
Raw Normal View History

Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
---
hide:
- toc
---
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 23:17:30 +00:00
# Security Overview
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
## Helm-Chart
##### Scan Results
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
#### Chart Object: booksonic-air/templates/common.yaml
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-booksonic-air&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-booksonic-air&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-booksonic-air&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-booksonic-air&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-booksonic-air&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment &#39;RELEASE-NAME-booksonic-air&#39; should not set &#39;spec.template.volumes.hostPath&#39; </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-booksonic-air&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
## Containers
##### Detected Containers
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-26 15:30:42 +00:00
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
chore: Auto-update chart README [skip ci]
2022-05-09 07:43:30 +00:00
tccr.io/truecharts/booksonic-air:v2201.1.0@sha256:a9638696f62f0ba4daf79580fdd741833a518f7ba2c6c0c37b63bcf79cd8a8ec
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
##### Scan Results
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-05 00:50:14 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
**alpine**
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-30 08:29:35 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
chore: Auto-update chart README [skip ci]
2022-05-10 21:17:41 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-04 21:26:31 +00:00
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-10 21:17:41 +00:00
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-09 07:43:30 +00:00
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-02-06 17:25:51 +00:00
**alpine**
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-30 08:29:35 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
chore: Auto-update chart README [skip ci]
2022-05-10 21:17:41 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-04 21:26:31 +00:00
| curl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| curl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-22576 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22576">https://access.redhat.com/security/cve/CVE-2022-22576</a><br><a href="https://curl.se/docs/CVE-2022-22576.html">https://curl.se/docs/CVE-2022-22576.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27774">https://access.redhat.com/security/cve/CVE-2022-27774</a><br><a href="https://curl.se/docs/CVE-2022-27774.html">https://curl.se/docs/CVE-2022-27774.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27776">https://access.redhat.com/security/cve/CVE-2022-27776</a><br><a href="https://curl.se/docs/CVE-2022-27776.html">https://curl.se/docs/CVE-2022-27776.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
| libcurl | CVE-2022-27775 | LOW | 7.80.0-r0 | 7.80.0-r1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-27775">https://access.redhat.com/security/cve/CVE-2022-27775</a><br><a href="https://curl.se/docs/CVE-2022-27775.html">https://curl.se/docs/CVE-2022-27775.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775</a><br><a href="https://ubuntu.com/security/notices/USN-5397-1">https://ubuntu.com/security/notices/USN-5397-1</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-10 21:17:41 +00:00
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-28391">https://access.redhat.com/security/cve/CVE-2022-28391</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-09 07:43:30 +00:00
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://linux.oracle.com/cve/CVE-2018-25032.html">https://linux.oracle.com/cve/CVE-2018-25032.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-1642.html">https://linux.oracle.com/errata/ELSA-2022-1642.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-26 15:30:42 +00:00
chore: Auto-update chart README [skip ci]
2022-04-26 10:10:07 +00:00
#### Container: Java
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
**jar**
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:34:35 +00:00
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
chore: Auto-update chart README [skip ci]
2022-04-26 10:10:07 +00:00
| ch.qos.logback:logback-core | CVE-2021-42550 | MEDIUM | 1.2.3 | 1.2.9 | <details><summary>Expand...</summary><a href="http://logback.qos.ch/news.html">http://logback.qos.ch/news.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-42550">https://access.redhat.com/security/cve/CVE-2021-42550</a><br><a href="https://cve.report/CVE-2021-42550">https://cve.report/CVE-2021-42550</a><br><a href="https://github.com/advisories/GHSA-668q-qrv7-99fm">https://github.com/advisories/GHSA-668q-qrv7-99fm</a><br><a href="https://github.com/cn-panda/logbackRceDemo">https://github.com/cn-panda/logbackRceDemo</a><br><a href="https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html">https://github.com/qos-ch/logback/blob/1502cba4c1dfd135b2e715bc0cf80c0045d4d128/logback-site/src/site/pages/news.html</a><br><a href="https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c">https://github.com/qos-ch/logback/commit/87291079a1de9369ac67e20dc70a8fdc7cc4359c</a><br><a href="https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42">https://github.com/qos-ch/logback/commit/ef4fc4186b74b45ce80d86833820106ff27edd42</a><br><a href="https://jira.qos.ch/browse/LOGBACK-1591">https://jira.qos.ch/browse/LOGBACK-1591</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42550">https://nvd.nist.gov/vuln/detail/CVE-2021-42550</a><br><a href="https://security.netapp.com/advisory/ntap-20211229-0001/">https://security.netapp.com/advisory/ntap-20211229-0001/</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-09 07:43:30 +00:00
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-36518 | HIGH | 2.11.0 | 2.12.6.1, 2.13.2.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-36518">https://access.redhat.com/security/cve/CVE-2020-36518</a><br><a href="https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b">https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b</a><br><a href="https://github.com/FasterXML/jackson-databind/issues/2816">https://github.com/FasterXML/jackson-databind/issues/2816</a><br><a href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.12</a><br><a href="https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13">https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.13</a><br><a href="https://github.com/advisories/GHSA-57j2-w4cx-62h2">https://github.com/advisories/GHSA-57j2-w4cx-62h2</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html">https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36518">https://nvd.nist.gov/vuln/detail/CVE-2020-36518</a><br><a href="https://security.netapp.com/advisory/ntap-20220506-0004/">https://security.netapp.com/advisory/ntap-20220506-0004/</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-05-04 21:26:31 +00:00
| org.liquibase:liquibase-core | CVE-2022-0839 | CRITICAL | 3.8.9 | 4.8.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-0839">https://access.redhat.com/security/cve/CVE-2022-0839</a><br><a href="https://github.com/advisories/GHSA-jvfv-hrrc-6q72">https://github.com/advisories/GHSA-jvfv-hrrc-6q72</a><br><a href="https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381">https://github.com/liquibase/liquibase/commit/33d9d925082097fb1a3d2fc8e44423d964cd9381</a><br><a href="https://huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70">https://huntr.dev/bounties/f1ae5779-b406-4594-a8a3-d089c68d6e70</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-0839">https://nvd.nist.gov/vuln/detail/CVE-2022-0839</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-18 09:28:56 +00:00
| org.postgresql:postgresql | CVE-2022-21724 | CRITICAL | 42.2.12 | 42.2.25, 42.3.2 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-21724">https://access.redhat.com/security/cve/CVE-2022-21724</a><br><a href="https://github.com/advisories/GHSA-v7wg-cpwc-24m4">https://github.com/advisories/GHSA-v7wg-cpwc-24m4</a><br><a href="https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813">https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813</a><br><a href="https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4">https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-21724">https://nvd.nist.gov/vuln/detail/CVE-2022-21724</a><br><a href="https://security.netapp.com/advisory/ntap-20220311-0005/">https://security.netapp.com/advisory/ntap-20220311-0005/</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-30 08:29:35 +00:00
| org.postgresql:postgresql | CVE-2020-13692 | HIGH | 42.2.12 | 42.2.13 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-13692">https://access.redhat.com/security/cve/CVE-2020-13692</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13692">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13692</a><br><a href="https://github.com/advisories/GHSA-88cc-g835-76rp">https://github.com/advisories/GHSA-88cc-g835-76rp</a><br><a href="https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65">https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65</a><br><a href="https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13">https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13</a><br><a href="https://linux.oracle.com/cve/CVE-2020-13692.html">https://linux.oracle.com/cve/CVE-2020-13692.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-3285.html">https://linux.oracle.com/errata/ELSA-2020-3285.html</a><br><a href="https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E">https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E">https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E">https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-13692">https://nvd.nist.gov/vuln/detail/CVE-2020-13692</a><br><a href="https://security.netapp.com/advisory/ntap-20200619-0005/">https://security.netapp.com/advisory/ntap-20200619-0005/</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-02-22 00:08:46 +00:00
| org.postgresql:postgresql | GHSA-673j-qm5f-xpv8 | MEDIUM | 42.2.12 | 42.3.3 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-673j-qm5f-xpv8">https://github.com/advisories/GHSA-673j-qm5f-xpv8</a><br><a href="https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064">https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064</a><br><a href="https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8">https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-26 15:30:42 +00:00
| org.postgresql:postgresql | GMS-2022-75 | UNKNOWN | 42.2.12 | 42.3.3 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-673j-qm5f-xpv8">https://github.com/advisories/GHSA-673j-qm5f-xpv8</a><br><a href="https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064">https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064</a><br><a href="https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8">https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-03 16:31:59 +00:00
| org.springframework.boot:spring-boot | GMS-2022-560 | UNKNOWN | 2.2.13.RELEASE | 2.5.12, 2.6.6 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-36p3-wjmg-h94x">https://github.com/advisories/GHSA-36p3-wjmg-h94x</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12">https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6">https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6</a><br><a href="https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15">https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE">https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18">https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22965">https://nvd.nist.gov/vuln/detail/CVE-2022-22965</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22965">https://tanzu.vmware.com/security/cve-2022-22965</a><br></details> |
| org.springframework.boot:spring-boot | GMS-2022-561 | UNKNOWN | 2.2.13.RELEASE | 2.5.12, 2.6.6 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-36p3-wjmg-h94x">https://github.com/advisories/GHSA-36p3-wjmg-h94x</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12">https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6">https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6</a><br><a href="https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15">https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE">https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18">https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22965">https://nvd.nist.gov/vuln/detail/CVE-2022-22965</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22965">https://tanzu.vmware.com/security/cve-2022-22965</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-20 21:21:59 +00:00
| org.springframework.boot:spring-boot-starter-web | CVE-2022-22965 | CRITICAL | 2.2.13.RELEASE | 2.6.6, 2.5.12 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html">http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-22965">https://access.redhat.com/security/cve/CVE-2022-22965</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf</a><br><a href="https://github.com/advisories/GHSA-36p3-wjmg-h94x">https://github.com/advisories/GHSA-36p3-wjmg-h94x</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12">https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6">https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6</a><br><a href="https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15">https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE">https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18">https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22965">https://nvd.nist.gov/vuln/detail/CVE-2022-22965</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22965">https://tanzu.vmware.com/security/cve-2022-22965</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67</a><br><a href="https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html">https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br><a href="https://www.praetorian.com/blog/spring-core-jdk9-rce/">https://www.praetorian.com/blog/spring-core-jdk9-rce/</a><br></details> |
Commit released Helm Chart and docs for TrueCharts Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
2022-03-30 08:29:35 +00:00
| org.springframework.security:spring-security-core | CVE-2021-22112 | HIGH | 5.2.8.RELEASE | 5.2.9.RELEASE, 5.3.8.RELEASE, 5.4.4 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/02/19/7">http://www.openwall.com/lists/oss-security/2021/02/19/7</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-22112">https://access.redhat.com/security/cve/CVE-2021-22112</a><br><a href="https://github.com/advisories/GHSA-gq28-h5vg-8prx">https://github.com/advisories/GHSA-gq28-h5vg-8prx</a><br><a href="https://github.com/spring-projects/spring-security/releases/tag/5.4.4">https://github.com/spring-projects/spring-security/releases/tag/5.4.4</a><br><a href="https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E">https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E">https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E">https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-22112">https://nvd.nist.gov/vuln/detail/CVE-2021-22112</a><br><a href="https://tanzu.vmware.com/security/cve-2021-22112">https://tanzu.vmware.com/security/cve-2021-22112</a><br><a href="https://www.jenkins.io/security/advisory/2021-02-19/">https://www.jenkins.io/security/advisory/2021-02-19/</a><br><a href="https://www.oracle.com//security-alerts/cpujul2021.html">https://www.oracle.com//security-alerts/cpujul2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br><a href="https:/
| org.springframework.security:spring-security-core | CVE-2021-22119 | HIGH | 5.2.8.RELEASE | 5.2.11.RELEASE, 5.3.10.RELEASE, 5.4.7, 5.5.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-22119">https://access.redhat.com/security/cve/CVE-2021-22119</a><br><a href="https://github.com/advisories/GHSA-w9jg-gvgr-354m">https://github.com/advisories/GHSA-w9jg-gvgr-354m</a><br><a href="https://github.com/spring-projects/spring-security/pull/9513">https://github.com/spring-projects/spring-security/pull/9513</a><br><a href="https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E">https://lists.apache.org/thread.html/r08a449010786e0bcffa4b5781b04fcb55d6eafa62cb79b8347680aad@%3Cissues.nifi.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E">https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-22119">https://nvd.nist.gov/vuln/detail/CVE-2021-22119</a><br><a href="https://tanzu.vmware.com/security/cve-2021-22119">https://tanzu.vmware.com/security/cve-2021-22119</a><br><a href="https://www.oracle.com/security-alerts/cpujan2022.html">https://www.oracle.com/security-alerts/cpujan2022.html</a><br></details> |
| org.springframework.security:spring-security-web | CVE-2021-22112 | HIGH | 5.2.8.RELEASE | 5.2.9, 5.2.9, 5.4.4, 5.4.4 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/02/19/7">http://www.openwall.com/lists/oss-security/2021/02/19/7</a><br><a href="https://access.redhat.com/security/cve/CVE-2021-22112">https://access.redhat.com/security/cve/CVE-2021-22112</a><br><a href="https://github.com/advisories/GHSA-gq28-h5vg-8prx">https://github.com/advisories/GHSA-gq28-h5vg-8prx</a><br><a href="https://github.com/spring-projects/spring-security/releases/tag/5.4.4">https://github.com/spring-projects/spring-security/releases/tag/5.4.4</a><br><a href="https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r163b3e4e39803882f5be05ee8606b2b9812920e196daa2a82997ce14@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E">https://lists.apache.org/thread.html/r2cb05e499807900ba23e539643eead9c5f0652fd271f223f89da1804@%3Cpluto-scm.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r37423ec7eea340e92a409452c35b649dce02fdc467f0b3f52086c177@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r3868207b967f926819fe3aa8d33f1666429be589bb4a62104a49f4e3@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r390783b3b1c59b978131ac08390bf77fbb3863270cbde59d5b0f5fde@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r413e380088c427f56102968df89ef2f336473e1b56b7d4b3a571a378@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/r89aa1b48a827f5641310305214547f1d6b2101971a49b624737c497f@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E">https://lists.apache.org/thread.html/ra53677224fe4f04c2599abc88032076faa18dc84b329cdeba85d4cfc@%3Cpluto-scm.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E">https://lists.apache.org/thread.html/ra6389b1b82108a3b6bbcd22979f7665fd437c2a3408c9509a15a9ca1@%3Cpluto-dev.portals.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E">https://lists.apache.org/thread.html/redbd004a503b3520ae5746c2ab5e93fd7da807a8c128e60d2002cd9b@%3Cissues.nifi.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-22112">https://nvd.nist.gov/vuln/detail/CVE-2021-22112</a><br><a href="https://tanzu.vmware.com/security/cve-2021-22112">https://tanzu.vmware.com/security/cve-2021-22112</a><br><a href="https://www.jenkins.io/security/advisory/2021-02-19/">https://www.jenkins.io/security/advisory/2021-02-19/</a><br><a href="https://www.oracle.com//security-alerts/cpujul2021.html">https://www.oracle.com//security-alerts/cpujul2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br><a href="https://www.oracl
chore: Auto-update chart README [skip ci]
2022-04-20 21:21:59 +00:00
| org.springframework:spring-beans | CVE-2022-22965 | CRITICAL | 5.2.12.RELEASE | 5.3.18, 5.2.20 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html">http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-22965">https://access.redhat.com/security/cve/CVE-2022-22965</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf</a><br><a href="https://github.com/advisories/GHSA-36p3-wjmg-h94x">https://github.com/advisories/GHSA-36p3-wjmg-h94x</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12">https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6">https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6</a><br><a href="https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15">https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE">https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18">https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22965">https://nvd.nist.gov/vuln/detail/CVE-2022-22965</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22965">https://tanzu.vmware.com/security/cve-2022-22965</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67</a><br><a href="https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html">https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br><a href="https://www.praetorian.com/blog/spring-core-jdk9-rce/">https://www.praetorian.com/blog/spring-core-jdk9-rce/</a><br></details> |
| org.springframework:spring-core | CVE-2021-22060 | MEDIUM | 5.2.12.RELEASE | 5.2.19, 5.3.14 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-22060">https://access.redhat.com/security/cve/CVE-2021-22060</a><br><a href="https://github.com/advisories/GHSA-6gf2-pvqw-37ph">https://github.com/advisories/GHSA-6gf2-pvqw-37ph</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-22060">https://nvd.nist.gov/vuln/detail/CVE-2021-22060</a><br><a href="https://tanzu.vmware.com/security/cve-2021-22060">https://tanzu.vmware.com/security/cve-2021-22060</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-09 08:44:17 +00:00
| org.springframework:spring-core | CVE-2022-22950 | MEDIUM | 5.2.12.RELEASE | 5.2.20, 5.3.16 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22950">https://access.redhat.com/security/cve/CVE-2022-22950</a><br><a href="https://github.com/advisories/GHSA-558x-2xjg-6232">https://github.com/advisories/GHSA-558x-2xjg-6232</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22950">https://nvd.nist.gov/vuln/detail/CVE-2022-22950</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22950">https://tanzu.vmware.com/security/cve-2022-22950</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-26 20:05:48 +00:00
| org.springframework:spring-core | CVE-2022-22968 | LOW | 5.2.12.RELEASE | 5.2.21, 5.3.19 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-22968">https://access.redhat.com/security/cve/CVE-2022-22968</a><br><a href="https://github.com/advisories/GHSA-g5mm-vmx4-3rg7">https://github.com/advisories/GHSA-g5mm-vmx4-3rg7</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22968">https://nvd.nist.gov/vuln/detail/CVE-2022-22968</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22968">https://tanzu.vmware.com/security/cve-2022-22968</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-20 21:21:59 +00:00
| org.springframework:spring-webmvc | CVE-2022-22965 | CRITICAL | 5.2.12.RELEASE | 5.3.18, 5.2.20 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html">http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2022-22965">https://access.redhat.com/security/cve/CVE-2022-22965</a><br><a href="https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf">https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf</a><br><a href="https://github.com/advisories/GHSA-36p3-wjmg-h94x">https://github.com/advisories/GHSA-36p3-wjmg-h94x</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12">https://github.com/spring-projects/spring-boot/releases/tag/v2.5.12</a><br><a href="https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6">https://github.com/spring-projects/spring-boot/releases/tag/v2.6.6</a><br><a href="https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15">https://github.com/spring-projects/spring-framework/commit/002546b3e4b8d791ea6acccb81eb3168f51abb15</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE">https://github.com/spring-projects/spring-framework/releases/tag/v5.2.20.RELEASE</a><br><a href="https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18">https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-22965">https://nvd.nist.gov/vuln/detail/CVE-2022-22965</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement</a><br><a href="https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds">https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds</a><br><a href="https://tanzu.vmware.com/security/cve-2022-22965">https://tanzu.vmware.com/security/cve-2022-22965</a><br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67</a><br><a href="https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html">https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br><a href="https://www.praetorian.com/blog/spring-core-jdk9-rce/">https://www.praetorian.com/blog/spring-core-jdk9-rce/</a><br></details> |
chore: Auto-update chart README [skip ci]
2022-04-03 16:31:59 +00:00
| org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.25 | 1.26 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2017-18640">https://access.redhat.com/security/cve/CVE-2017-18640</a><br><a href="https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c">https://bitbucket.org/asomov/snakeyaml/commits/da11ddbd91c1f8392ea932b37fa48110fa54ed8c</a><br><a href="https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion">https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for-preventing-billion</a><br><a href="https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack">https://bitbucket.org/asomov/snakeyaml/wiki/Billion%20laughs%20attack</a><br><a href="https://bitbucket.org/asomov/snakeyaml/wiki/Changes">https://bitbucket.org/asomov/snakeyaml/wiki/Changes</a><br><a href="https://github.com/advisories/GHSA-rvwf-54qp-4r6v">https://github.com/advisories/GHSA-rvwf-54qp-4r6v</a><br><a href="https://linux.oracle.com/cve/CVE-2017-18640.html">https://linux.oracle.com/cve/CVE-2017-18640.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-4807.html">https://linux.oracle.com/errata/ELSA-2020-4807.html</a><br><a href="https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E">https://lists.apache.org/thread.html/r1058e7646988394de6a3fd0857ea9b1ee0de14d7bb28fee5ff782457@%3Ccommits.atlas.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E">https://lists.apache.org/thread.html/r154090b871cf96d985b90864442d84eb027c72c94bc3f0a5727ba2d1@%3Ccommon-issues.hadoop.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E">https://lists.apache.org/thread.html/r16ae4e529401b75a1f5aa462b272b31bf2a108236f882f06fddc14bc@%3Ccommon-issues.hadoop.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E">https://lists.apache.org/thread.html/r1703a402f30c8a2ee409f8c6f393e95a63f8c952cc9ee5bf9dd586dc@%3Ccommits.cassandra.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E">https://lists.apache.org/thread.html/r182e9cf6f3fb22b9be0cac4ff0685199741d2ab6e9a4e27a3693c224@%3Ccommon-issues.hadoop.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E">https://lists.apache.org/thread.html/r191ceadb1b883357384981848dfa5235cb02a90070c553afbaf9b3d9@%3Ccommits.cassandra.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E">https://lists.apache.org/thread.html/r1aab47b48a757c70e40fc0bcb1fcf1a3951afa6a17aee7cd66cf79f8@%3Ccommon-commits.hadoop.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E">https://lists.apache.org/thread.html/r1dfac8b6a7097bcb4979402bbb6e2f8c36d0d9001e3018717eb22b7e@%3Cdev.atlas.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E">https://lists.apache.org/thread.html/r1ffce2ed3017e9964f03ad2c539d69e49144fc8e9bf772d641612f98@%3Ccommits.cassandra.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E">https://lists.apache.org/thread.html/r20350031c60a77b45e0eded33e9b3e9cb0cbfc5e24e1c63bf264df12@%3Ccommits.cassandra.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r22ac2aa05