chore: file advisories for management-api-for-apache-cassandra-5.0 (#…

…8713) Signed-off-by: Mritunjay <[email protected]>
wolfi-dev · Oct 18, 2024 · 40dde40 · 40dde40
1 parent 63b20d4
commit 40dde40
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/management-api-for-apache-cassandra-5.0.advisories.yaml b/management-api-for-apache-cassandra-5.0.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:15:03Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-5jp4-3j6v-xcj7
     aliases:
@@ -39,6 +43,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:22:40Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-654j-wjm3-qmg4
     aliases:
@@ -57,6 +65,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T15:22:40Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''classgraph'' to ''4.8.112'' or later but this fix will require some code changes on the upstream repository.'
 
   - id: CGA-85g9-6hwh-32gx
     aliases:
@@ -75,6 +87,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:22:20Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-9gmq-c996-778j
     aliases:
@@ -93,6 +109,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T15:24:57Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-c8q6-4qp3-vqhh
     aliases:
@@ -111,6 +131,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:15:11Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-hrp6-hg6x-533q
     aliases:
@@ -129,6 +153,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:22:10Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-mhgw-xcxh-mprj
     aliases:
@@ -147,6 +175,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:25:44Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.11'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-pc67-qgg2-hpmq
     aliases:
@@ -165,6 +197,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:22:30Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-v95v-8w2m-8jvx
     aliases:
@@ -183,6 +219,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:14:57Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-vgwv-c777-jqwv
     aliases:
@@ -201,6 +241,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:26:02Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
   - id: CGA-vppp-hq87-2m8x
     aliases:
@@ -219,6 +263,10 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T16:02:18Z
+        type: pending-upstream-fix
+        data:
+          note: Commons-io v2.9.0 is a transitive dependency that is brought in under the resteasy-client-api, even the most up to date version of the 4.x.x version stream (4.7.9) contains the affected version of commons-io. This requires the upstream maintainers to implement a fix.
 
   - id: CGA-w753-xwwq-8ch4
     aliases:
@@ -237,3 +285,7 @@ advisories:
             componentType: java-archive
             componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
             scanner: grype
+      - timestamp: 2024-10-18T18:21:41Z
+        type: pending-upstream-fix
+        data:
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''