chore: file advisories for management-api-for-apache-cassandra-5.0

Signed-off-by: Mritunjay <[email protected]>

management-api-for-apache-cassandra-5.0.advisories.yaml

@@ -4,236 +4,132 @@ package:
   name: management-api-for-apache-cassandra-5.0
 
 advisories:
-  - id: CGA-449j-52qq-cgj7
+  - id: CGA-5366-8fq6-34w8
     aliases:
-      - CVE-2020-36518
-      - GHSA-57j2-w4cx-62h2
+      - CVE-2022-41854
+      - GHSA-w37g-rhq8-7m4j
     events:
-      - timestamp: 2024-10-18T14:35:10Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: ee7f37932de9cf66
-            componentName: jackson-databind
-            componentVersion: 2.11.1
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-5jp4-3j6v-xcj7
+  - id: CGA-5w59-gp3v-29fh
     aliases:
-      - CVE-2022-38750
-      - GHSA-hhhw-99gj-p3c3
+      - CVE-2024-47554
+      - GHSA-78wr-2p64-hpwj
     events:
-      - timestamp: 2024-10-18T14:35:19Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: Commons-io v2.9.0 is a transitive dependency that is brought in under the resteasy-client-api, even the most up to date version of the 4.x.x version stream (4.7.9) contains the affected version of commons-io. This requires the upstream maintainers to implement a fix.
 
-  - id: CGA-654j-wjm3-qmg4
+  - id: CGA-69cr-q4xf-g62p
     aliases:
       - CVE-2021-47621
       - GHSA-v2xm-76pq-phcf
     events:
-      - timestamp: 2024-10-18T14:35:31Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 18b9f8ad77cb113a
-            componentName: classgraph
-            componentVersion: 4.8.65
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: To fix the CVE, we have to upgrade 'classgraph' to '4.8.112' or later but this fix will require some code changes on the upstream repository.
 
-  - id: CGA-85g9-6hwh-32gx
+  - id: CGA-6phc-ggx6-f65h
     aliases:
-      - CVE-2022-38752
-      - GHSA-9w3m-gqgf-c4p9
+      - CVE-2022-38751
+      - GHSA-98wm-3w3q-mw94
     events:
-      - timestamp: 2024-10-18T14:35:15Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-9gmq-c996-778j
+  - id: CGA-8mj8-h3qm-fv2f
     aliases:
       - CVE-2022-42003
       - GHSA-jjjh-jjxp-wpff
     events:
-      - timestamp: 2024-10-18T14:35:22Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: ee7f37932de9cf66
-            componentName: jackson-databind
-            componentVersion: 2.11.1
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-c8q6-4qp3-vqhh
+  - id: CGA-93r9-fp2j-wcj7
     aliases:
-      - CVE-2022-42004
-      - GHSA-rgv9-q543-rqg4
+      - CVE-2022-38750
+      - GHSA-hhhw-99gj-p3c3
     events:
-      - timestamp: 2024-10-18T14:35:28Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: ee7f37932de9cf66
-            componentName: jackson-databind
-            componentVersion: 2.11.1
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-hrp6-hg6x-533q
+  - id: CGA-9x5v-7r6g-f8w9
     aliases:
-      - CVE-2022-38751
-      - GHSA-98wm-3w3q-mw94
+      - CVE-2020-36518
+      - GHSA-57j2-w4cx-62h2
     events:
-      - timestamp: 2024-10-18T14:35:13Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-mhgw-xcxh-mprj
+  - id: CGA-crvh-3r72-gr7w
     aliases:
-      - CVE-2022-1471
-      - GHSA-mjmj-j48q-9wg2
+      - CVE-2022-38752
+      - GHSA-9w3m-gqgf-c4p9
     events:
-      - timestamp: 2024-10-18T14:35:25Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-pc67-qgg2-hpmq
+  - id: CGA-fcv7-h4f3-cvc2
     aliases:
-      - CVE-2022-38749
-      - GHSA-c4r9-r8fh-9vj2
+      - CVE-2022-42004
+      - GHSA-rgv9-q543-rqg4
     events:
-      - timestamp: 2024-10-18T14:35:17Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-v95v-8w2m-8jvx
+  - id: CGA-fvq2-cwrg-cphg
     aliases:
       - CVE-2021-46877
       - GHSA-3x8x-79m2-3w2w
     events:
-      - timestamp: 2024-10-18T14:35:10Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: ee7f37932de9cf66
-            componentName: jackson-databind
-            componentVersion: 2.11.1
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.0'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-vgwv-c777-jqwv
+  - id: CGA-hxmp-crjv-gmqx
     aliases:
-      - CVE-2022-41854
-      - GHSA-w37g-rhq8-7m4j
+      - CVE-2022-1471
+      - GHSA-mjmj-j48q-9wg2
     events:
-      - timestamp: 2024-10-18T14:35:35Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.11'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-vppp-hq87-2m8x
+  - id: CGA-qqfv-p3r3-j2fg
     aliases:
-      - CVE-2024-47554
-      - GHSA-78wr-2p64-hpwj
+      - CVE-2022-25857
+      - GHSA-3mc7-4q67-w48m
     events:
-      - timestamp: 2024-10-18T14:35:12Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 093ed7e7a57f49e5
-            componentName: commons-io
-            componentVersion: 2.9.0
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''
 
-  - id: CGA-w753-xwwq-8ch4
+  - id: CGA-vr2p-7q48-r39g
     aliases:
-      - CVE-2022-25857
-      - GHSA-3mc7-4q67-w48m
+      - CVE-2022-38749
+      - GHSA-c4r9-r8fh-9vj2
     events:
-      - timestamp: 2024-10-18T14:35:08Z
-        type: detection
+      - timestamp: 2024-10-18T17:11:35Z
+        type: pending-upstream-fix
         data:
-          type: scan/v1
-          data:
-            subpackageName: management-api-for-apache-cassandra-5.0-compat
-            componentID: 42c9fac88d63d420
-            componentName: snakeyaml
-            componentVersion: "1.26"
-            componentType: java-archive
-            componentLocation: /opt/management-api/datastax-mgmtapi-server-0.1.0-SNAPSHOT.jar
-            scanner: grype
+          note: 'To fix the CVE, we have to upgrade ''swagger-jaxrs2'' to ''2.2.10'' or later but this fix will require some code change since the upgrade cause the build to fail due to compilation errors like: ''src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'''