forked from wolfi-dev/advisories
-
Notifications
You must be signed in to change notification settings - Fork 0
/
confluent-common-docker.advisories.yaml
56 lines (52 loc) · 1.85 KB
/
confluent-common-docker.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
schema-version: 2.0.2
package:
name: confluent-common-docker
advisories:
- id: CVE-2023-45288
aliases:
- GHSA-4v7x-pqxf-cx7m
events:
- timestamp: 2024-04-13T07:06:08Z
type: fixed
data:
fixed-version: 7.6.0-r4
- id: CVE-2023-51775
aliases:
- GHSA-6qvw-249j-h44c
events:
- timestamp: 2024-03-19T16:20:01Z
type: detection
data:
type: scan/v1
data:
subpackageName: confluent-common-docker
componentID: bc7e78f5849d3b9b
componentName: jose4j
componentVersion: 0.9.3
componentType: java-archive
componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar
scanner: grype
- timestamp: 2024-03-20T07:06:26Z
type: pending-upstream-fix
data:
note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository.
- id: CVE-2024-23944
aliases:
- GHSA-r978-9m6m-6gm6
events:
- timestamp: 2024-03-19T16:20:02Z
type: detection
data:
type: scan/v1
data:
subpackageName: confluent-common-docker
componentID: 3b6ce91dccc68f33
componentName: zookeeper
componentVersion: 3.8.3
componentType: java-archive
componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar
scanner: grype
- timestamp: 2024-03-20T07:06:26Z
type: pending-upstream-fix
data:
note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository.