CVEs Not Impacting Artifactory

The following is a list of CVEs that do not impact Artifactory.

CVE	Severity	Artifactory Fix Version	Reason
CVE-2024-25710 CVE-2024-26308	High	7.83.1	Upgraded `Apache Tomcat` to version 9.0.87.
CVE-2023-4586	High	7.81.1	Does not affect Artifactory, as it only affects `netty-handler`.
CVE-2023-2976	Medium	7.81.1	Does not affect Artifactory, as it only affects `guava`.
CVE-2024-21626	High	7.80.0	Does not affect Artifactory, as it only affects `runc`.
CVE-2023-39325 CVE-2023-44487	High	7.79.2	Does not affect Artifactory, as it only affects `golang`.
CVE-2023-24539 CVE-2023-29400	High	7.79.2	Does not affect Artifactory, as it only affects `golang`.
CVE-2023-39323	Critical	7.76.0	Does not affect Artifactory, as it only affects `golang`.
CVE-2023-6378	High	7.76.0	Does not affect Artifactory, as it only affects `logback-classic`.
CVE-2023-44487	High	7.76.0	Does not affect Artifactory, as it only affects `golang`.
CVE-2023-39325	High	7.71.5	Does not affect Artifactory, as it only affects `go`.
CVE-2023-24540	Critical	7.71.2	Does not affect Artifactory, as it only affects `go`.
CVE-2023-4759	High	7.71.2	Does not affect Artifactory, as it only affects `jgit`.
CVE-2023-2253	High	7.71.2	Does not affect Artifactory, as it only affects `distribution`.
CVE-2023-24540	Critical	7.70.2	Does not affect Artifactory, as it only affects `Golang`.
CVE-2023-41080	High	7.68.11	Does not affect Artifactory, as it only affects `Apache Tomcat`.
CVE-2023-29403	High	7.68.6	Does not affect Artifactory, since it only affects `yq`.
CVE-2022-4450 CVE-2023-0215	High	7.68.6	Does not affect Artifactory, since it only affects `openssl-libs`.
CVE-2023-34035	High	7.68.6	Does not affect Artifactory, since it only affects `spring-security-config`.
CVE-2023-2976	Medium	7.68.6	Does not affect Artifactory, since it only affects `guava`.
CVE-2023-26136	Critical	7.66.3	Does not affect Artifactory, since it only affects `tough-cookie`.
CVE-2023-29404	Critical	7.66.3	Does not affect Artifactory, since it only affects `golang`.
CVE-2023-2976	High	7.66.3	Does not affect Artifactory, since it only affects `guava`.
CVE-2023-35116	High	7.66.3	Does not affect Artifactory, since it only affects `jackson-databind`.
CVE-2023-32731 CVE-2023-1428 CVE-2023-32732	High	7.66.3	Does not affect Artifactory, since it only affects `grpc`.
CVE-2023-26115	Medium	7.66.3	Does not affect Artifactory, since it only affects `word-wrap`.
CVE-2022-25883	Medium	7.66.3	Does not affect Artifactory, since it only affects `semver`.
CVE-2023-24539	Medium	7.66.3	Does not affect Artifactory, since it only affects `go`.
CVE-2023-29401	Medium	7.66.3	Does not affect Artifactory, since it only affects `gin-gonic`.
CVE-2023-29404	Critical	7.65.3	Does not affect Artifactory, since it only affects `golang`.
CVE-2016-2510	High	7.65.3	Does not affect Artifactory, since it only affects `beanshell`.
CVE-2023-26048	Medium	7.65.3	Does not affect Artifactory, since it only affects `jetty-server`.
CVE-2023-1732	Medium	7.65.3	Does not affect Artifactory, since it only affects `circl`.
CVE-2023-34462	Medium	7.65.3	Does not affect Artifactory, since it only affects `netty-handler`.
CVE-2023-2976	Medium	7.65.3	Does not affect Artifactory, since it only affects `guava`.
CVE-2022-25883	Medium	7.65.3	Does not affect Artifactory, since it only affects `semver`.
CVE-2023-29404	Critical	7.64.4	Does not impact Artifactory, since it only affects `golang`.
CVE-2023-29400	High	7.64.4	Does not impact Artifactory, since it only affects `golang`.
CVE-2023-1732	Medium	7.64.4	Does not impact Artifactory, since it only affects `circl`.
CVE-2023-2976	Medium	7.64.4	Does not impact Artifactory, since it only affects `guava`.
CVE-2022-25883	Medium	7.64.4	Does not impact Artifactory, since it only affects `semver`.
CVE-2023-28709	High	7.63.5	Does not affect Artifactory, since it only impacts `Apache Tomcat`.
CVE-2023-20863	High	7.61.3	Does not affect Artifactory, since it only impacts `spring-core`.
CVE-2022-41722	High	7.61.3	Does not affect Artifactory, since it only impacts `golangci-lint`.
CVE-2023-27561	High	7.61.3	Does not affect Artifactory, since it only impacts `runc`.
CVE-2023-0286	High	7.61.3	Does not affect Artifactory, since it only impacts `openssl-libs`.
CVE-2022-25857 CVE-2022-41854	High	7.61.3	Does not affect Artifactory, since it only impacts `snakeyaml`.
CVE-2023-28708	High	7.61.3	Does not affect Artifactory, since it only impacts `apache tomcat`.
CVE-2023-28642 CVE-2023-25809	Medium	7.61.3	Does not affect Artifactory, since it only impacts `runc`.
CVE-2023-28842 CVE-2023-28840	Medium	7.61.3	Does not affect Artifactory, since it only impacts `docker`.
CVE-2023-26125	Medium	7.61.3	Does not affect Artifactory, since it only impacts `gin-gonic`.
CVE-2023-0845	Medium	7.61.3	Does not affect Artifactory, since it only impacts `hashicorp`.
CVE-2023-1370	High	7.59.5	Does not affect Artifactory, since it only affects `json-smart`.
CVE-2022-41722 CVE-2022-41725 CVE-2022-41724	High	7.59.5	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-41723	High	7.59.5	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-25857	High	7.58.5	Doesn't impact Artifactory, since it only affects `SnakeYAML`.
CVE-2022-41723	High	7.58.1	Doesn't impact Artifactory, since it only affects `Golang`.
CVE-2022-43551	High	7.58.1	Doesn't impact Artifactory, since it only affects `curl`.
CVE-2022-41717	Medium	7.58.1	Doesn't impact Artifactory, since it only affects `yq`.
CVE-2022-41722	High	7.58.0	Doesn't affect Artifactory, since it only affects `Golang`.
CVE-2022-41720	High	7.58.0	Doesn't affect Artifactory, since it only affects `Golang`.
CVE-2022-41716	High	7.58.0	Doesn't affect Artifactory, since it only affects `Golang`.
CVE-2022-2526	High	7.58.0	Doesn't affect Artifactory, since it only affects `systemd-libs`.
CVE-2017-1000487	Critical	7.57.1	Does not affect Artifactory, since it only affects `plexus-utils`.
CVE-2023-25173	Medium	7.57.1	Does not affect Artifactory, since it only affects `containerd`.
CVE-2022-41716	High	7.56.2	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-38900	High	7.56.2	Does not affect Artifactory, since it only affects `decode-uri-components`.
CVE-2022-41720	High	7.56.2	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-23471	Medium	7.56.2	Does not affect Artifactory, since it only affects `containerd`.
CVE-2022-45143	High	7.55.1	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2022-42916	High	7.55.1	Does not affect Artifactory, since it only affects `curl`.
CVE-2022-27664	High	7.55.1	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-41716 CVE-2022-41715 CVE-2022-2880 CVE-2022-2879	High	7.55.1	Does not affect Artifactory, since it only affects `Go`.
CVE-2022-42004	High	7.55.1	Does not affect Artifactory, since it only affects `jackson-databind`.
CVE-2022-42003	High	7.55.1	Does not affect Artifactory, since it only affects `jackson-databind`.
CVE-2022-25857	High	7.55.1	Does not affect Artifactory, since it only affects `SnakeYAML`.
CVE-2022-3171	High	7.55.1	Does not affect Artifactory, since it only affects `protobuf-java`.
CVE-2022-41720	High	7.55.1	Does not affect Artifactory, since it only affects `Go`.
CVE-2022-46175	High	7.55.1	Does not affect Artifactory, since it only affects `JSON5`.
CVE-2021-26291	Critical	7.53.1	Does not affect Artifactory, since it only affects `Apache Maven`.
CVE-2022-42898	High	7.53.1	Does not affect Artifactory, since it only affects `krb5-libs`.
CVE-2022-32149	High	7.53.1	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-23539 CVE-2022-23529	High	7.53.1	Does not affect Artifactory, since it only affects `jsonwebtoken`.
CVE-2022-4065	High	7.53.1	Does not affect Artifactory, since it only affects `testng`.
CVE-2022-41716	High	7.53.1	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-27664	High	7.53.1	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-31030	Medium	7.53.1	Does not affect Artifactory, since it only affects `Containerd`.
CVE-2022-41854	Medium	7.53.1	Does not affect Artifactory, since it only affects `SnakeYAML`.
CVE-2022-45047	Critical	7.52.0	Does not affect Artifactory, since it only affects `Apache MINA SSHD`.
CVE-2022-25857 CVE-2022-1471	High	7.52.0	Does not affect Artifactory, since it only affects `SnakeYAML`.
CVE-2022-1552	High	7.52.0	Does not affect Artifactory, since it only affects `Postgres`.
CVE-2022-27664	High	7.52.0	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-41720	High	7.52.0	Does not affect Artifactory, since it only affects `Golang`.
CVE-2022-28948	High	7.52.0	Does not affect Artifactory, since it only affects `Go-yaml`.
CVE-2021-33194	High	7.52.0	Does not affect Artifactory, since it only affects `golang.org/x/net`.
CVE-2022-39271 GHSA-c6hx-pjc3-7fqr	High	7.52.0	Does not affect Artifactory, since it only affects `traefik`.
CVE-2022-31159	High	7.52.0	Does not affect Artifactory, since it only affects `aws-java-sdk`.
CVE-2022-40716	Medium	7.52.0	Does not affect Artifactory, since it only affects `hashicorp`.
CVE-2022-41915	Medium	7.52.0	Does not affect Artifactory, since it only affects `Netty`.
CVE-2022-38749	Medium	7.52.0	Does not affect Artifactory, since it only affects `SnakeYAML` and `common`.
CVE-2022-32190	Critical	7.50.3	Does not affect Artifactory, since it only affects `Go`
CVE-2022-37866	High	7.50.3	Doesn't affect Artifactory, since it only affects `org.apache.ivy:ivy`.
CVE-2022-31197	High	7.50.3	Doesn't affect Artifactory, since it only affects `org.postgresql:postgresql`.
CVE-2016-5425 CVE-2016-6325	High	7.50.3	Doesn't affect Artifactory, since it only affects `tomcat-jdbc`.
CVE-2022-42003 CVE-2022-42004	High	7.49.3	Doesn't affect Artifactory, since it only affects `java commons`.
CVE-2022-25857	High	7.49.3	Does not affect Artifactory, since it only affects Upgraded `snakeyaml`
CVE-2022-40151	High	7.49.3	Does not affect Artifactory, since it only affects `woodstox-core`
CVE-2022-32149	High	7.49.3	Does not affect Artifactory, since it only affects `golang`
CVE-2022-27664	High	7.49.3	Does not affect Artifactory, since it only affects `Go`
GHSA-3mc7-4q67-w48m GHSA-98wm-3w3q-mw94 GHSA-9w3m-gqgf-c4p9 GHSA-c4r9-r8fh-9vj2 GHSA-hhhw-99gj-p3c3	High	7.49.3	Does not affect Artifactory, since it only affects `snakeyaml`
CVE-2022-3171	High	7.49.3	Does not affect Artifactory, since it only affects `protobuf-java`
CVE-2022-42003 CVE-2022-42004 GHSA-jjjh-jjxp-wpff GHSA-rgv9-q543-rqg4	High	7.49.3	Does not affect Artifactory, since it only affects `jackson-databind`
CVE-2022-29526	Medium	7.49.3	Does not affect Artifactory, since it only affects `yq`
CVE-2022-3171	Medium	7.49.3	Does not affect Artifactory, since it only affects `io.grpc::grpc-*`
CVE-2022-36033	Medium	7.49.3	Does not affect Artifactory, since it only affects `jsoup`
CVE-2022-38752	Medium	7.49.3	Does not affect Artifactory, since it only affects `commons`
CVE-2022-1348	Medium	7.49.3	Does not affect Artifactory, since it only affects `logrotate`
CVE-2019-20444 CVE-2019-20445 CVE-2019-16869	Critical	7.47.7	Does not affect Artifactory, since it only affects`software.amazon.awssdk:licensemanager`.
CVE-2021-26291	Critical	7.47.7	Does not affect Artifactory, since it only affects `org.apache.maven.maven-project`.
CVE-2022-1962 CVE-2022-28131 CVE-2022-30633 CVE-2022-30635	Critical	7.47.7	Does not affect Artifactory, since it only affects `snakeyaml`.
CVE-2021-44906	High	7.47.7	Does not affect Artifactory, since it only affects `grpc-tools`.
CVE-2021-3807	High	7.47.7	Does not affect Artifactory, since it only affects `grpc-tools and` `grpc_tools_node_protoc_ts`.
CVE-2022-25857	High	7.47.7	Does not affect Artifactory, since it only affects `snakeyaml`.
CVE-2022-22970	High	7.46.3	Does not affect Artifactory, since it only affects `org.springframework:spring-beans`.
CVE-2022-24823	Medium	7.47.7	Does not affect Artifactory, since it only affects `io.netty`.
CVE-2020-7789	Medium	7.47.7	Does not affect Artifactory, since it only affects `grpc-tools and` `grpc_tools_node_protoc_ts`.
CVE-2022-0235	Medium	7.47.7	Does not affect Artifactory, since it only affects `grpc-tools` and `grpc_tools_node_protoc_ts`.
CVE-2022-30187	Medium	7.47.7	Does not affect Artifactory, since it only affects`azure-storage-blob` `andv azure-core-http-okhttp`.
CVE-2020-7608	Medium	7.47.7	Does not affect Artifactory, since it only affects grpc-tools and `grpc_tools_node_protoc_ts`.
CVE-2022-25878	Medium	7.47.7	`Does not affect Artifactory, since it only affects grpc-tools` and `grpc_tools_node_protoc_ts`.
CVE-2022-27191	Medium	7.47.7	Does not affect Artifactory, since it only affects `grpc-tools` and `http://grpc_tools_node_protoc_ts.golang.org/x/crypt`.
CVE-2022-27191	Medium	7.46.3	Does not affect Artifactory, since it only affects `golang.org/x/crypto/ssh` .
CVE-2022-31030	Medium	7.46.3	Does not affect Artifactory, since it only affects `containerd.`
CVE-2022-22968	Medium	7.46.3	Does not affect Artifactory, since it only affects `org.springframework:spring-context.`
CVE-2022-31197	Medium	7.46.3	Does not affect Artifactory, since it only affects `org.postgresql:postgresql.`
CVE-2021-37136 CVE-2021-37137	Critical	7.46.3	Does not affect Artifactory, since it only affects `io.netty:netty-codec:4.1.63.`
CVE-2020-36518	High	7.46.3	Does not affect Artifactory, since it only affects `jackson-databind.`
CVE-2022-22963	Critical	7.46.3	Does not affect Artifactory, since it only affects `spring-core`5.3.18.
CVE-2022-2048	High	7.46.3	Does not affect Artifactory, since it only affects `org.eclipse.jetty.`
CVE-2022-31159	High	7.46.3	Does not affect Artifactory, since it only affects `aws-java-sdk.`
CVE-2021-3807	High	7.46.3	Does not affect Artifactory, since it only affects `jest-junit`and`ansi-regex.`
CVE-2020-28469	High	7.46.3	Does not affect Artifactory, since it only affects `glob-parent.`
CVE-2021-20066	Medium	7.46.3	Does not affect Artifactory, since it only affects `jest.`
CVE-2022-0235	Medium	7.46.3	Does not affect Artifactory, since it only affects `grpc-tools.`
CVE-2020-7608	Medium	7.46.3	Does not affect Artifactory, since it only affects `yargs` and `yargs-parser.`
CVE-2022-22950	Medium	7.46.3	Does not affect Artifactory, since it only affects `org.springframework:spring-expression`.
CVE-2021-22096 CVE-2021-22060	Medium	7.46.3	Does not affect Artifactory, since it only affects `org.spring framework:spring-core.`
CVE-2022-24823	Medium	7.46.3	Does not affect Artifactory, since it only affectsio.netty:netty-common.
CVE-2018-25031 CVE-2021-46708	Medium	7.46.3	Does not affect Artifactory, since it only affects `com.github.tomakehurst:wiremock-jre8.`
CVE-2021-43797	Medium	7.46.3	Does not affect Artifactory, since it only affects `io.netty:netty-codec-http.`
CVE-2022-1962 CVE-2022-28131 CVE-2022-30633 CVE-2022-30635	Critical	7.46.3	Does not affect Artifactory, since it only affects `github.com/golang/go.`
CVE-2022-22971	Critical	7.42.1	Does not affect Artifactory, since it only affects `spring-core.`
CVE-2020-36518	High	7.42.1	Does not affect Artifactory, since it only affects `fasterxml.jackson.version.`
CVE-2020-36518	High	7.41.4	Does not affect Artifactory, since it only affects `jackson-databind.`
CVE-2022-24823	Medium	7.41.4	Does not affect Artifactory, since it only affects `netty-common.`
CVE-2021-3859	High	7.41.4	Does not affect Artifactory, since it only affects `Red Hat` `undertow-core.`
CVE-2022-22963	Critical	7.41.4	Does not affect Artifactory, since it only affects`spring-core.`
CVE-2021-22119	High	7.41.4	Does not affect Artifactory, since it only affects`spring-security-oauth2.`
CVE-2022-23632	Critical	7.39.4	Does not affect Artifactory, since it only affects`Traefik.`
CVE-2022-29153	High	7.39.4	Does not affect Artifactory, since it only affects `consul.`
CVE-2022-24769	Medium	7.39.4	Does not affect Artifactory, since it only affects`containerd.`
CVE-2022-27191	High	7.39.4	Does not affect Artifactory, since it only affects`golang.org/x/crypto/ssh.`
CVE-2022-23648	High	7.39.4	Does not affect Artifactory, since it only affects to `containerd.`
CVE-2022-0536	Medium	7.39.4	Does not affect Artifactory, since it only affects `nodejs` clients's `axios.`
CVE-2021-43797	Medium	7.37.13	Does not affect Artifactory, since it only affects `Netty.`
CVE-2021-3807	High	7.37.13	Does not affect Artifactory, since it only affects `ansi-regex.`
CVE-2022-23806	Critical	7.37.13	Does not affect Artifactory, since it only affects `Curve.IsOnCurve in crypto/elliptic in Go.`
CVE-2021-41090	Medium	7.35.1	Does not affect Artifactory, since it only affects`docker and` `image-spec.`
CVE-2021-22060	Medium	7.34.4	Does not affect Artifactory, since it only affects org.springframework:spring-core:5.3.12.
CVE-2021-42550	Medium	7.31.10	Does not affect Artifactory, since it only affects `logback.xml.`
CVE-2017-9506	Medium	7.31.10	Does not affect Artifactory, since it only affects `IconUriServlet of the Atlasssian OAuth Plugin.`
CVE-2015-2575	Medium	7.31.10	Does not affect Artifactory, since it only affects mysql:mysql-connector-java:8.0.20.
CVE-2021-42340	High	7.31.10	Does not affect Artifactory, since it only affects the Apache Tomcat versions: 9.0.48 and 8.5.73.
CVE-2020-13949	High	7.31.10	Does not affect Artifactory, since it only affects the `jaege`r 1.6.0 which uses `Thrift` 0.14.1.
CVE-2021-35560 CVE-2021-35550 CVE-2021-35556 CVE-2021-35561 CVE-2021-35564 CVE-2021-35565 CVE-2021-35567 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-35603	High	7.31.10	Does not affect Artifactory, since they only affect Java.
CVE-2021-36374	Medium	7.31.10	Does not affect Artifactory, since it only affects the`Apache ant-1.9.15.`
CVE-2021-33037	Medium	7.27.3	Does not affect Artifactory, since it only affects the Apache Tomcat.
CVE-2021-22147	High	7.27.3	Does not affect Artifactory, since it only affects the`org.elasticsearch:elasticsearch`.
CVE-2021-22148	High	7.27.3	Does not affect Artifactory, since it only affects the`org.elasticsearch:elasticsearch`.
CVE-2021-22149	High	7.27.3	Does not affect Artifactory, since it only affects the`org.elasticsearch:elasticsearch.`
CVE-2021-30129	High	7.25.4	Does not affect Artifactory, since it only affects the `org.apache.sshd:sshd-core:2.6.0.`
CVE-2017-18640	High	7.25.4	Does not affect Artifactory, since it only affects the `Snakeyaml 1.23 XML Entity Expansion.`
CVE-2021-27568	Critical	7.25.4	Does not affect Artifactory, since it only affects the `json-smart-1.3.1.`
CVE-2021-27568	Critical	7.25.4	Does not affect Artifactory, since it only affects the `json-smart-1.3.1.`
CVE-2021-26291	Normal	7.24.1	Does not affect Artifactory, since it only affects the Maven version 3.8.1.
CVE-2021-13936	High	7.24.1	Does not affect Artifactory, since it only affects the Apache Velocity engine.
CVE-2018-9116	Critical	7.23.3	Does not affect Artifactory, since it only affects `wiremock`.
CVE-2021-29505	Critical	7.21.3	Does not affect Artifactory, since it only affects `XStream`.
CVE-2021-26291	High	7.21.3	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2021-21290	Medium	7.21.3	Does not affect Artifactory, since it only affects `netty-codec-http:4.1.53.final.`
CVE-2020-17521	Medium	7.21.3	Does not affect Artifactory, since it only affects `org.codehaus.groovy:groovy-all.`
CVE-2021-22112	High	7.17.4	Does not affect Artifactory, since it only affects `Spring Security Web.`
CVE-2019-17571	Medium	7.15.3	Does not affect Artifactory, since it only affects `log4j-to-slf4j` and `log4j-api.`
CVE-2016-10750	High	7.11.1	Does not affect Artifactory, since it only affects `hazelcast-3.6.1.jar`
CVE-2017-7657	Medium	7.11.1	Does not affect Artifactory, since it only affectsO`rg.eclipse.jetty:jetty-http`
CVE-2017-1000487	High	7.11.1	Does not affect Artifactory, since it only affects `Plexus-utils.`
CVE-2020-25649	High	7.11.1	Does not affect Artifactory, since it only affects `fasterxml.jackson.version`.
CVE-2019-17359	High	7.10.5	Does not affect Artifactory, since it only affects `bcprov-jdk15.`
CVE-2020-7226	High	7.10.5	Does not affect Artifactory, since it only affects at `cryptacular-1.1.1.jar.`
CVE-2020-7692	Critical	7.10.2	Does not affect Artifactory, since it only affects `google-oauth-client` library.
CVE-2019-12402	Medium	7.10.1	Does not affect Artifactory, since it only affects `Commons-compress` library.
CVE-2019-12402	Medium	7.10.1	Does not affect Artifactory, since it only affects `Commons-compress` library.
CVE-2020-15586 golang.org/issue/34902	High	7.10.1	Does not affect Artifactory, since it only affects `Go` 1.14.9.
CVE-2019-20104	High	7.10.1	Does not affect Artifactory, since it only affects `Crowd lib`.
CVE-2017-7957	High	7.10.1	Does not affect Artifactory, since it only affects `XStream`.
CVE-2016-3674	High	7.10.1	Does not affect Artifactory, since it only affects `XStream`.
CVE-2013-7285	Critical	7.10.1	Does not affect Artifactory, since it only affects `XStream`.
CVE-2020-8203	High	7.9.0	Does not affect Artifactory, since it only affects lodash.
CVE-2020-1745	Critical	7.9.0	Does not affect Artifactory, since it only affects `io.undertow:undertow-core / 2.0.15.Final.`
CVE-2017-15095	Critical	7.8.1	Does not affect Artifactory, since it only affects `fge:jackson-coreutils:jar`.
CVE-2017-17485	Critical	7.8.1	Does not affect Artifactory, since it only affects `fge:jackson-coreutils:jar`.
CVE-2017-7525	Critical	7.8.1	Does not affect Artifactory, since it only affects `fge:jackson-coreutils:jar`.
CVE-2020-13935	High	7.7.0	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2020-13934	High	7.7.0	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2020-11996	High	7.7.0	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2020-28500 CVE-2020-8203 CVE-2021-23337	Critical	6.23.25	Does not affect Artifactory, since it only affects `npm lodash` library
CVE-2022-46337	High	N/A	Does not affect Artifactory, as it only affects `derby`. While the usage of the vulnerable version of derby is found, it is not exploitable because it requires administrative access to the machine and the attributes in `system.yaml`. Furthermore, the usage of the Derby database isn’t intended for production setups, it is used as a local database mostly for testing and small-scale installations.
CVE-2022-42252	High	N/A	Does not affect Artifactory, since it only affects `Apache Tomcat`.
CVE-2022-30591	High	N/A	JFrog Artifactory is not affected, since it does not use the `quic-go` through 0.27.0.
CVE-2022-42889	Critical	N/A	JFrog Platformis not affected, since it does not use the impacted packages.
CVE-2016-1000027	Critical	N/A	Does not affect Artifactory, since it does not use the impacted `HttpInvokerServiceExporter` component for providing remote access.
CVE-2022-34305	Medium	N/A	Does not affect Artifactory, since it does not use the impacted component that is included in the Apache Tomcat version.
CVE-2022-29885	High	N/A	Does not affect Artifactory, since it does not use the impacted component that is included in the Apache Tomcat version.
CVE-2018-10892	High	N/A	Does not affect Artifactory, since only `Traefik` uses it, and thereby applies only if the Docker Provider is turned on, which is not the case in Artifactory.
CVE-2020-0187	Medium	N/A	Does not affect Artifactory, since it only affects the Android Platform.
CVE-2020-0187	Medium	N/A	Does not affect Artifactory, since it only affects the Android Platform.
N/A	Medium	N/A	Does not affect Artifactory, as it applies only when using Apache Sling which is not the case in Artifactory.
N/A	Medium	N/A	Does not affect Artifactory, since it only affects `SSLServerSocketAppender` and `{{SSLSocketAppender}}`
CVE-2017-7536	High	N/A	Does not affect Artifactory, since Artifactory is not using `org.hibernate_hibernate-validator`.
CVE-2020-9484	High	N/A	Does not affect Artifactory, since the vulnerability is exploitable in case Tomcat is configured with PersistenceManager, which Artifactory does not use.
CVE-2019-11888	High	N/A	This CVE supposedly affects Artifactory 6.x versions. The `golang/go` library is part of the Metadata Service which is not enabled in Artifactory 6.x version.
CVE-2019-14809	High	N/A	This CVE supposedly affects Artifactory 6.x versions. The `golang/go` library is part of the Metadata Service which is not enabled in Artifactory 6.x version.
CVE-2019-0232	High	N/A	The `enableCmdLineArguments` parameter is not enabled in the Apache Tomcat bundled with Artifactory.
CVE-2018-8014	High	N/A	The JFrog Apache Tomcat version is 8.5.32, which is not one of the vulnerable versions.
CVE-2018-1275	High	N/A	The JFrog `Spring Framework` version is 4.1.8, which is vulnerable to the CVE, as the version is unsupported. However, because JFrog does not implement STOMP broker, we are not exposed to this vulnerability
CVE-2018-8589	Medium	N/A	JFrog is not responsible for vulnerabilities in the Windows operating system. Anyone using an on-premises environment should keep the Windows operating system up to date.
CVE-2018-11776	High	N/A	Does not affect Artifactory, since JFrog does not use Apache Struts.
CVE-2018-5925	High	N/A	Does not affect Artifactory, since the issue relates to certain HP Inkjet printers and is not relevant to JFrog.
CVE-2018-5924	High	N/A	Does not affect Artifactory, since the issue relates to certain HP Inkjet printers and is not relevant to JFrog.
CVE-2018-5382	High	N/A	Does not affect Artifactory, since JFrog does not use `BKS-V1 keystore`.
CVE-2018-1260	High	N/A	Does not affect Artifactory, since JFrog does not use `Spring Security Oauth`.
CVE-2018-1259	High	N/A	Does not affect Artifactory, since JFrog does not use `Spring Data Commons`.
CVE-2017-5664	High	N/A	Does not affect Artifactory, since the default value for the `readOnly` property in the DefaultServlet is "`true" (readOnly=true)` in our environment. As mentioned in the CVE, you are only vulnerable: "...if the DefaultServlet is configured to permit writes..."
CVE-2017-5648	Critical	N/A	Does not affect Artifactory, since the the `tomcat/webapps` folder only contains the Artifactory WAR and the Access WAR files used by the bundled Tomcat distribution.
CVE-2017-5647	High	N/A	Does not affect Artifactory, since the issue refers/relates only to the "Send File" service which is not used by Artifactory.
CVE-2017-5638	Critical	N/A	Artifactory is not affected by the Apache Struts 2 vulnerability.
CVE-2014-0097	High	N/A	For LDAP authentication, Artifactory strictly uses the `ArtifactoryLdapAuthenticationProvider` class that uses the `ArtifactoryLdapAuthenticator`, wrapping the `ArtifactoryBindAuthenticator`. The latter class is the one used to perform the actual authentication and it does check for empty passwords. Artifactory does not use any other provider with LDAP, such as `ActiveDirectoryLdapAuthenticationProvider`. This JIRA issue refers to an older class name, `ActiveDirectoryLdapAuthenticator`, that is not part of Spring Security and Artifactory.
CVE-2008-4108	High	N/A	Does not affect Artifactory, since Artifactory Jfrog does not require Python to be installed; the CVE is not relevant for Jfrog.
CVE-2005-2541	High	N/A	Does not affect Artifactory, since Artifactory uses `Tar` 1.30.1.