CVEs Not Impacting Insight

JFrog Release Information


| CVE | Severity | Insight Fix Version | Reason |
|---|---|---|---|
| CVE-2022-41946 | Medium | 1.13.4 | Upgraded PostgreSQL JDBC Driver (pgjdbc) to version 42.4.3 from version 42.4.1. |
| CVE-2022-41915 | High | 1.13.3 | Upgraded netty-codec-http from 4.1.68.Final to 4.1.86.Final. |
| CVE-2022-42003 | High | N/A | Upgraded jackson-databind to version 2.13.4.1. |
| CVE-2022-3171 | High | N/A | Does not affect Insight, since it only affects protobuf-java. |
| CVE-2022-42252 | High | N/A | Upgraded Tomcat to version 9.0.69. |
| CVE-2019-13990 | High | N/A | Upgraded quartz-scheduler to version 2.3.2. |
| CVE-2022-25857 | High | 1.12.1 | SnakeYAML has been upgraded from version 1.30 to version 1.31. |
| CVE-2022-31197 | High | 1.12.0 | PostgreSQL JDBC Driver (pgjdbc) has been upgraded from version 42.3.3 to version 42.4.1. |
| CVE-2022-23708 | Medium | 1.11.3 | Elasticsearch has been upgraded from version 7.16.3 to version 7.17.1. |
| CVE-2021-31684 | High | 1.5.0 | Upgraded json-smart to version 1.3.3. |
| CVE-2021-21290 | Medium | 1.4.0 | Upgraded netty-codec-http from 4.1.53.Final to 4.1.59.Final. |
| CVE-2022-22970 | Medium | 1.11.3 | spring-bootcore has been upgraded from version 2.6.7 to version 2.7.0. |
| CVE-2022-22968 | High | 1.10.2 | spring-bootcore has been upgraded from version 2.6.6 to version 2.6.7. |
| CVE-2020-36518 | High | 1.10.1 | jackson-databind has been upgraded to version 2.13.2.1. |
| CVE-2022-22965 | Critical | 1.8.1 | spring-bootcore has been upgraded from version 2.6.2 to version 2.6.6. |
| CVE-2022-21724 | Critical | 1.6.2 | pgjdbc, the official PostgreSQL JDBC Driver, has been upgraded to version 42.2.25. |
| CVE-2021-22569 | High | 1.6.2 | The protobuf-java component has been upgraded to version 3.19.2. |
| CVE-2020-25649 | High | N/A | Searchguard TLS Tool, which uses the library, is only used locally by system administrators for generating TLS certificates during an installation. It therefore runs only on trusted data and is not affected by this vulnerability. |