forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcassandra-4.1.advisories.yaml
103 lines (97 loc) · 3.64 KB
/
cassandra-4.1.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
schema-version: 2.0.2
package:
name: cassandra-4.1
advisories:
- id: CVE-2020-8908
aliases:
- GHSA-5mg8-w23w-74h3
events:
- timestamp: 2024-02-27T07:15:09Z
type: detection
data:
type: scan/v1
data:
subpackageName: cassandra-4.1
componentID: f069ff97983ab311
componentName: guava
componentVersion: 27.0-jre
componentType: java-archive
componentLocation: /usr/share/java/cassandra/lib/guava-27.0-jre.jar
scanner: grype
- timestamp: 2024-02-27T07:17:09Z
type: false-positive-determination
data:
type: vulnerability-record-analysis-contested
note: 'CVE considered a false positive by the maintainers: https://github.com/apache/cassandra/blob/cassandra-4.1/.build/dependency-check-suppressions.xml'
- id: CVE-2022-1471
aliases:
- GHSA-mjmj-j48q-9wg2
events:
- timestamp: 2024-02-27T07:15:10Z
type: detection
data:
type: scan/v1
data:
subpackageName: cassandra-4.1
componentID: 300a4a1a14f08cef
componentName: snakeyaml
componentVersion: "1.32"
componentType: java-archive
componentLocation: /usr/share/java/cassandra/lib/snakeyaml-1.32.jar
scanner: grype
- timestamp: 2024-02-27T07:17:10Z
type: false-positive-determination
data:
type: vulnerable-code-cannot-be-controlled-by-adversary
note: 'CVE considered a false positive by the maintainers: https://github.com/apache/cassandra/blob/cassandra-4.1/.build/dependency-check-suppressions.xml'
- id: CVE-2023-2976
aliases:
- GHSA-7g45-4rm6-3mm3
events:
- timestamp: 2024-02-27T07:15:09Z
type: detection
data:
type: scan/v1
data:
subpackageName: cassandra-4.1
componentID: f069ff97983ab311
componentName: guava
componentVersion: 27.0-jre
componentType: java-archive
componentLocation: /usr/share/java/cassandra/lib/guava-27.0-jre.jar
scanner: grype
- timestamp: 2024-02-27T07:17:10Z
type: false-positive-determination
data:
type: vulnerability-record-analysis-contested
note: 'CVE considered a false positive by the maintainers: https://github.com/apache/cassandra/blob/cassandra-4.1/.build/dependency-check-suppressions.xml'
- id: CVE-2023-6378
aliases:
- GHSA-vmq6-5m68-f53m
events:
- timestamp: 2024-02-27T07:15:10Z
type: detection
data:
type: scan/v1
data:
subpackageName: cassandra-4.1
componentID: 98c4965ba337dd57
componentName: logback-classic
componentVersion: 1.2.9
componentType: java-archive
componentLocation: /usr/share/java/cassandra/lib/logback-classic-1.2.9.jar
scanner: grype
- timestamp: 2024-02-27T07:17:10Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'CVE considered a false positive by the maintainers since Cassandra doesn''t ship logback in a remote configuration: https://issues.apache.org/jira/browse/CASSANDRA-19142'
- id: CVE-2020-13946
aliases:
- GHSA-24ww-mc5x-xc43
events:
- timestamp: 2024-02-27T07:17:09Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: Vulnerable cocode was fixed in Cassandra 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2. Earliest Wolfi package is 4.1.3