diff --git a/spark-3.5-scala-2.13.advisories.yaml b/spark-3.5-scala-2.13.advisories.yaml
new file mode 100644
index 0000000000..af781a161d
--- /dev/null
+++ b/spark-3.5-scala-2.13.advisories.yaml
@@ -0,0 +1,544 @@ +schema-version: 2.0.2 + +package: + name: spark-3.5-scala-2.13 + +advisories: + - id: CGA-2fxh-wjvr-pgc3 + aliases: + - CVE-2024-26308 + - GHSA-4265-ccf5-phj5 + events: + - timestamp: 2024-11-20T13:12:29Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: ce12a22816f06df1 + componentName: commons-compress + componentVersion: "1.21" + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-45m6-3663-vmrw + aliases: + - CVE-2022-3510 + - GHSA-4gg5-vx3j-xwc7 + events: + - timestamp: 2024-11-20T13:12:32Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-4q67-3fwg-vmq6 + aliases: + - CVE-2024-25710 + - GHSA-4g9r-vxhx-9pgx + events: + - timestamp: 2024-11-20T13:12:31Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: ce12a22816f06df1 + componentName: commons-compress + componentVersion: "1.21" + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-56ph-vwr9-h9cf + aliases: + - GHSA-58qw-p7qm-5rvh + events: + - timestamp: 2024-11-20T13:12:34Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 4b6f9ebbfaf0ef72 + componentName: jetty-xml + componentVersion: 9.4.43.v20210629 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-5rrm-wv6p-5c39 + aliases: + - CVE-2023-52428 + - GHSA-gvpg-vgmx-xg6w + events: 
+ - timestamp: 2024-11-20T13:13:28Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 861591fe351d1675 + componentName: nimbus-jose-jwt + componentVersion: 9.8.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-5wh4-5p8j-33rj + aliases: + - CVE-2022-40152 + - GHSA-3f7h-mf4q-vrm4 + events: + - timestamp: 2024-11-20T13:12:27Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2b57bbf9cc4b8a50 + componentName: woodstox-core + componentVersion: 5.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-6hpx-mm5q-grch + aliases: + - CVE-2024-47561 + - GHSA-r7pg-v2c8-mfg3 + events: + - timestamp: 2024-11-20T13:14:02Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: b62adf4ed86ceeb4 + componentName: avro + componentVersion: 1.7.7 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-95rq-pqfg-9383 + aliases: + - CVE-2024-47554 + - GHSA-78wr-2p64-hpwj + events: + - timestamp: 2024-11-20T13:12:43Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: ec9c54ae89d9f70a + componentName: commons-io + componentVersion: 2.8.0 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-9623-89qx-877m + aliases: + - CVE-2022-3171 + - GHSA-h4h5-3hr4-j3g2 + events: + - timestamp: 2024-11-20T13:13:34Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + 
componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-9g23-pgwc-p32g + aliases: + - CVE-2022-36944 + - GHSA-8qv5-68g4-248j + events: + - timestamp: 2024-11-20T13:12:50Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 66333129ab1d6af4 + componentName: scala-library + componentVersion: 2.13.8 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/scala-library-2.13.8.jar + scanner: grype + + - id: CGA-c37x-q8fg-g7gr + aliases: + - CVE-2023-39410 + - GHSA-rhrv-645h-fjfh + events: + - timestamp: 2024-11-20T13:14:26Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: b62adf4ed86ceeb4 + componentName: avro + componentVersion: 1.7.7 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-c3mr-w98r-ch3c + aliases: + - CVE-2024-29131 + - GHSA-xjp4-hw94-mvp5 + events: + - timestamp: 2024-11-20T13:14:44Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 7b78a588d6d74b8e + componentName: commons-configuration2 + componentVersion: 2.1.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-cfpv-j2r6-pgf4 + aliases: + - CVE-2022-3509 + - GHSA-g5ww-5jh7-63cx + events: + - timestamp: 2024-11-20T13:13:22Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: 
CGA-f57h-4h74-xh48 + aliases: + - CVE-2024-6763 + - GHSA-qh8g-58pp-2wxh + events: + - timestamp: 2024-11-20T13:13:54Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 8e2e70cbce7266ba + componentName: jetty-http + componentVersion: 9.4.43.v20210629 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-f7wh-q7gp-f4wq + aliases: + - CVE-2021-22569 + - GHSA-wrvw-hg22-4m67 + events: + - timestamp: 2024-11-20T13:14:35Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-fq2m-vp93-v8gm + aliases: + - CVE-2021-37533 + - GHSA-cgp8-4m63-fhh5 + events: + - timestamp: 2024-11-20T13:13:01Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: dd1d8e257b545039 + componentName: commons-net + componentVersion: "3.6" + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-fqjr-mqj6-7cpp + aliases: + - CVE-2021-22570 + - GHSA-77rm-9x9h-xj3g + events: + - timestamp: 2024-11-20T13:12:41Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-g946-j9fh-xg4v + aliases: + - CVE-2024-23454 + - GHSA-f5fw-25gw-5m92 + events: + - timestamp: 2024-11-20T13:13:11Z + type: detection + data: + type: scan/v1 + data: + 
subpackageName: spark-3.5-scala-2.13 + componentID: 2119816a8162f61d + componentName: hadoop-common + componentVersion: 3.3.4 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-api-3.3.4.jar + scanner: grype + + - id: CGA-g9g9-hh8j-v9h4 + aliases: + - CVE-2024-7254 + - GHSA-735f-pc8j-v9w8 + events: + - timestamp: 2024-11-20T13:12:38Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2fd25ab3e8accc41 + componentName: protobuf-java + componentVersion: 3.7.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-hcx6-4xcx-96pr + aliases: + - CVE-2023-2976 + - GHSA-7g45-4rm6-3mm3 + events: + - timestamp: 2024-11-20T13:12:46Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 8798fe24bdba8a8a + componentName: guava + componentVersion: 24.1.1-android + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/guava-24.1.1-android.jar + scanner: grype + + - id: CGA-hvrv-q645-jvc9 + aliases: + - CVE-2022-42004 + - GHSA-rgv9-q543-rqg4 + events: + - timestamp: 2024-11-20T13:14:18Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 7433c96c08388eb8 + componentName: jackson-databind + componentVersion: 2.12.7 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-j948-p6wg-rq6h + aliases: + - CVE-2024-23944 + - GHSA-r978-9m6m-6gm6 + events: + - timestamp: 2024-11-20T13:14:09Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 2387838f3c0e5c36 + componentName: zookeeper + componentVersion: 3.7.2 + componentType: java-archive + componentLocation: 
/usr/lib/spark/assembly/target/scala-2.13/jars/zookeeper-3.7.2.jar + scanner: grype + + - id: CGA-mx94-xp7q-7x32 + aliases: + - CVE-2023-40167 + - GHSA-hmr7-m48g-48f6 + events: + - timestamp: 2024-11-20T13:13:41Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 8e2e70cbce7266ba + componentName: jetty-http + componentVersion: 9.4.43.v20210629 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-pgr9-2j9x-h3gg + aliases: + - CVE-2020-8908 + - GHSA-5mg8-w23w-74h3 + events: + - timestamp: 2024-11-20T13:12:36Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 8798fe24bdba8a8a + componentName: guava + componentVersion: 24.1.1-android + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/guava-24.1.1-android.jar + scanner: grype + + - id: CGA-pm4j-36rg-wx67 + aliases: + - CVE-2021-31684 + - GHSA-fg2v-w576-w4v3 + events: + - timestamp: 2024-11-20T13:13:17Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: fcdaf6e69321b8db + componentName: json-smart + componentVersion: 1.3.2 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-qmj2-q7px-44mh + aliases: + - CVE-2022-42003 + - GHSA-jjjh-jjxp-wpff + events: + - timestamp: 2024-11-20T13:13:47Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 7433c96c08388eb8 + componentName: jackson-databind + componentVersion: 2.12.7 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-qrhc-cv5f-6x94 + aliases: + - CVE-2024-29133 + - GHSA-9w38-p64v-xpmv + events: + - 
timestamp: 2024-11-20T13:12:53Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 7b78a588d6d74b8e + componentName: commons-configuration2 + componentVersion: 2.1.1 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-v37r-crxx-4j4j + aliases: + - CVE-2023-1370 + - GHSA-493p-pfq6-5258 + events: + - timestamp: 2024-11-20T13:12:30Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: fcdaf6e69321b8db + componentName: json-smart + componentVersion: 1.3.2 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-wf44-r5r7-gv7f + aliases: + - CVE-2024-25638 + - GHSA-cfxw-4h78-h7fw + events: + - timestamp: 2024-11-20T13:12:57Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 3e2196c16fe3db2b + componentName: dnsjava + componentVersion: 2.1.7 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype + + - id: CGA-x64f-h9cm-wv76 + aliases: + - CVE-2022-2047 + - GHSA-cj7v-27pg-wf7q + events: + - timestamp: 2024-11-20T13:13:06Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5-scala-2.13 + componentID: 8e2e70cbce7266ba + componentName: jetty-http + componentVersion: 9.4.43.v20210629 + componentType: java-archive + componentLocation: /usr/lib/spark/assembly/target/scala-2.13/jars/hadoop-client-runtime-3.3.4.jar + scanner: grype