Task
Resolution: Obsolete
Major
I've consolidated high and critical severity CVEs which are related to the Pulsar client and can be resolved with an upgrade. This seems less annoying than making an issue for each CVE, but please let me know if you'd like this in a different format in the future.

| Identifier | Scanner Name | Severity | Package | Package Path | Justification |
| --- | --- | --- | --- | --- | --- |
| CVE-2022-1471 | Twistlock CVE | Critical | org.yaml_snakeyaml-1.30 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-25857 | Twistlock CVE | High | org.yaml_snakeyaml-1.30 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-client-messagecrypto-bc-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-client-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-client-original-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client-original | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-transaction-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-transaction-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-client-admin-api-2.10.1 | /debezium/lib/pulsar-client-admin-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-33684 | Anchore CVE | High | pulsar-client-api-2.10.1 | /debezium/lib/pulsar-client-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-41881 | Twistlock CVE | High | io.netty_netty-codec-4.1.77 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-42003 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2022-42004 | Twistlock CVE | High | com.fasterxml.jackson.core_jackson-databind-2.13.2.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-2976 | Twistlock CVE | High | com.google.guava_guava-31.0.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-client-messagecrypto-bc-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-client-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-client-original-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client-original | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-transaction-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-transaction-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-client-admin-api-2.10.1 | /debezium/lib/pulsar-client-admin-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30428 | Anchore CVE | High | pulsar-client-api-2.10.1 | /debezium/lib/pulsar-client-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-client-messagecrypto-bc-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-client-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-client-original-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-client-original | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-transaction-common-2.10.1 | /debezium/lib/pulsar-client-2.10.1.jar:pulsar-transaction-common | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-client-admin-api-2.10.1 | /debezium/lib/pulsar-client-admin-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| CVE-2023-30429 | Anchore CVE | High | pulsar-client-api-2.10.1 | /debezium/lib/pulsar-client-api-2.10.1.jar | Can be resolved with upgrade to 2.11.2 |
| GHSA-3mc7-4q67-w48m | Anchore CVE | High | snakeyaml-1.30 | /debezium/lib/pulsar-client-2.10.1.jar:snakeyaml | Can be resolved with upgrade to 2.11.2 |
| GHSA-jjjh-jjxp-wpff | Anchore CVE | High | jackson-databind-2.13.2.1 | /debezium/lib/pulsar-client-2.10.1.jar:jackson-databind | related to CVE-2022-42003 |
| GHSA-mjmj-j48q-9wg2 | Anchore CVE | High | snakeyaml-1.30 | /debezium/lib/pulsar-client-2.10.1.jar:snakeyaml | related to CVE-2022-1471 |
| GHSA-rgv9-q543-rqg4 | Anchore CVE | High | jackson-databind-2.13.2.1 | /debezium/lib/pulsar-client-2.10.1.jar:jackson-databind | related to CVE-2022-42004 |

- impacts account
DBZ-7088 Upgrade grpc to 1.24.4 or beyond in order to address CVE-2020-7768
- Closed