-
Notifications
You must be signed in to change notification settings - Fork 61
/
akhq.advisories.yaml
72 lines (68 loc) · 2.17 KB
/
akhq.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
schema-version: 2.0.2
package:
name: akhq
advisories:
- id: CGA-2hmx-pc95-g53j
aliases:
- CVE-2024-47535
- GHSA-xq3w-v528-46rv
events:
- timestamp: 2024-11-13T08:22:04Z
type: detection
data:
type: scan/v1
data:
subpackageName: akhq
componentID: e4b2467775156c28
componentName: netty-common
componentVersion: 4.1.108.Final
componentType: java-archive
componentLocation: /usr/share/java/akhq/akhq.jar
scanner: grype
- timestamp: 2024-11-20T20:00:27Z
type: false-positive-determination
data:
type: vulnerable-code-cannot-be-controlled-by-adversary
note: Vulnerability affects only Windows systems.
- id: CGA-6pm2-j37h-3fvw
aliases:
- CVE-2024-47561
- GHSA-r7pg-v2c8-mfg3
events:
- timestamp: 2024-10-09T07:02:14Z
type: detection
data:
type: scan/v1
data:
subpackageName: akhq
componentID: 1cae1e5d0146dc44
componentName: avro
componentVersion: 1.11.3
componentType: java-archive
componentLocation: /usr/share/java/akhq/akhq.jar
scanner: grype
- timestamp: 2024-10-10T11:36:38Z
type: fixed
data:
fixed-version: 0.25.1-r1
- id: CGA-f489-vh6m-4x4f
aliases:
- CVE-2024-6763
- GHSA-qh8g-58pp-2wxh
events:
- timestamp: 2024-10-15T07:17:16Z
type: detection
data:
type: scan/v1
data:
subpackageName: akhq
componentID: 0755537badc34e08
componentName: jetty-http
componentVersion: 9.4.53.v20231009
componentType: java-archive
componentLocation: /usr/share/java/akhq/akhq.jar
scanner: grype
- timestamp: 2024-10-25T15:25:49Z
type: pending-upstream-fix
data:
note: Updating jetty to a non-vulnerable version would require 3 major version bumps, which would be a very significant upgrade with multiple breaking changes, and should only be undertaken by the upstream maintainers.