You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Satyamurthy Kotni <Sa...@digital.homeoffice.gov.uk> on 2020/01/24 11:17:29 UTC
Re: Kafka 2.4 - anchore scan list

Hi KafkaTeam,
We are using Kafka 2.4 but anchore scan is giving below list.
Is there anything we can do or do we need to wait for next release?
Thanks for your support.
Best Regards
Satya Kotni



+----------------+----------+
0s
2
21
+-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+
62s
22
| WHITELISTED | SEVERITY | PACKAGE | PACKAGE TYPE | VERSION | VULNERABILITY | URL |
62s
23
+-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+
62s
24
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
25
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
26
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
27
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
28
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
29
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
30
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
31
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
32
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
33
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
34
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 |
62s
35
| true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 |
62s
36
| true | Medium | guava-20.0 | java | 20.0 | CVE-2018-10237 | https://nvd.nist.gov/vuln/detail/CVE-2018-10237 |
62s
37
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-17531 | https://nvd.nist.gov/vuln/detail/CVE-2019-17531 |
62s
38
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-17267 | https://nvd.nist.gov/vuln/detail/CVE-2019-17267 |
62s
39
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16943 | https://nvd.nist.gov/vuln/detail/CVE-2019-16943 |
62s
40
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16942 | https://nvd.nist.gov/vuln/detail/CVE-2019-16942 |
62s
41
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14379 | https://nvd.nist.gov/vuln/detail/CVE-2019-14379 |
62s
42
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16335 | https://nvd.nist.gov/vuln/detail/CVE-2019-16335 |
62s
43
| true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14540 | https://nvd.nist.gov/vuln/detail/CVE-2019-14540 |
62s
44
| true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12384 | https://nvd.nist.gov/vuln/detail/CVE-2019-12384 |
62s
45
| true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14439 | https://nvd.nist.gov/vuln/detail/CVE-2019-14439 |
62s
46
| true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12814 | https://nvd.nist.gov/vuln/detail/CVE-2019-12814 |
62s
47
| true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12086 | https://nvd.nist.gov/vuln/detail/CVE-2019-12086 |
62s
48
| true | High | log4j-1.2.17 | java | 1.2.17 | CVE-2019-17571 | https://nvd.nist.gov/vuln/detail/CVE-2019-17571 |
62s
49
| true | Medium | zookeeper-3.4.13 | java | 3.4.13 | CVE-2019-0201 | https://nvd.nist.gov/vuln/detail/CVE-2019-0201 |
62s
50
+-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+
62s
51
+----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+
62s
52
| SEVERITY | FEED | FIX | PACKAGE | PACKAGE TYPE | VERSION | URL | VULNERABILITY |
62s
53
+----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+
62s
54
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
55
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
56
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
57
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
58
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
59
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
60
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
61
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
62
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
63
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
64
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
65
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
66
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
67
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
68
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
69
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 |
62s
70
| Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 |
62s
71
| Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 |
62s
72
| Medium | nvd | None | guava-20.0 | java | 20.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-10237 | CVE-2018-10237 |
62s
73
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17531 | CVE-2019-17531 |
62s
74
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17267 | CVE-2019-17267 |
62s
75
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16943 | CVE-2019-16943 |
62s
76
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16942 | CVE-2019-16942 |
62s
77
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14379 | CVE-2019-14379 |
62s
78
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16335 | CVE-2019-16335 |
62s
79
| High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14540 | CVE-2019-14540 |
62s
80
| Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12384 | CVE-2019-12384 |
62s
81
| Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14439 | CVE-2019-14439 |
62s
82
| Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12814 | CVE-2019-12814 |
62s
83
| Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12086 | CVE-2019-12086 |
62s
84
| High | nvd | None | log4j-1.2.17 | java | 1.2.17 | https://nvd.nist.gov/vuln/detail/CVE-2019-17571 | CVE-2019-17571 |
62s
85
| Medium | nvd | None | zookeeper-3.4.13 | java | 3.4.13 | https://nvd.nist.gov/vuln/detail/CVE-2019-0201 | CVE-2019-0201 |
62s
86
+----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+
62s
87
+---------------------------+-------------------------------------------------------+
62s
88
| Docker Image | docker.digital.homeoffice.gov.uk/mma/mma-kafka:latest |
62s
89
| Dockerfile Path | |
62s
90
| Toleration (>=) | low |
62s
91
| Skipped | 16 |
62s
92
| Vulnerabilities Failed On | 0 |
62s
93
| Vulnerabilities Total | 32 |
62s
94
| Timeout | 20m0s |
62s
95
| Scan Time | 1m2.007477261s |
62s
96
+---------------------------+-------------------------------------------------------+
62s
exit code 0



Please ensure that any communication with the Home Office is via an official account ending with digital.homeoffice.gov.uk, homeoffice.gov.uk or homeoffice.gsi.gov.uk. This email and any files transmitted with it are private and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please return it to the address it came from telling them it is not for you and then delete it from your system. Communications via the digital.homeoffice.gov.uk domain may be automatically logged, monitored and/or recorded for legal purposes. This email message has been swept for computer viruses.