CVEs Not Impacting Pipelines

JFrog Release Information

The following is a list of CVEs that do not impact Pipelines.

| CVE | Severity | Pipelines Fix Version | Reason |
| --- | --- | --- | --- |
| CVE-2023-42364 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-42366 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-42365 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-42363 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-46218 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-47124 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-47106 | Medium | 1.57.0 | Does not affect Pipelines. |
| CVE-2023-47633 | High | 1.54.0 | Does not affect Pipelines. |
| CVE-2023-48795 | Medium | 1.54.0 | Does not affect Pipelines. |
| CVE-2023-45283 | High | 1.54.0 | Does not affect Pipelines. |
| CVE-2022-23806 | High | 1.53.0 | Does not affect Pipelines. |
| CVE-2023-29406 | Medium | 1.46.2 | Does not affect Pipelines. |
| CVE-2023-2253 | High | 1.43.0 | Does not affect Pipelines. |
| CVE-2023-2253 | Medium | 1.42.0 | Does not affect Pipelines. Upgraded Docker compose and Docker buildx. |
| CVE-2023-28840 | High | 1.41.1 | Does not affect Pipelines. |
| CVE-2023-23919 | High | 1.41.1 | Does not affect Pipelines. |
| CVE-2023-1732 | High | 1.41.1 | Does not affect Pipelines. |
| CVE-2022-25881 | High | 1.41.1 | Does not affect Pipelines. |
| CVE-2022-23471 | Medium | 1.39.1 | Does not affect Pipelines. Upgraded Docker engine version. |
| CVE-2022-41724 | High | 1.39.1 | Does not affect Pipelines. Upgraded Golang version. |
| CVE-2021-43138 | High | N/A | Does not affect Pipelines. Removed an unnecessary dependency from the Pipelines build agent. |
| CVE-2021-41248 | High | N/A | Does not affect Pipelines. Removed an unnecessary dependency from the Pipelines build agent. |
| CVE-2022-32212 | High | 1.25.1 | Upgraded Node.js to version 16.16.0. |
| CVE-2022-32213 | Critical | 1.25.1 | Upgraded Node.js to version 16.16.0. |
| CVE-2022-32214 | Critical | 1.25.1 | Upgraded Node.js to version 16.16.0. |
| CVE-2022-32215 | Critical | 1.25.1 | Upgraded Node.js to version 16.16.0. |
| CVE-2022-32223 | High | 1.25.1 | Upgraded Node.js to version 16.16.0. |
| CVE-2021-23343 | High | 1.20.2 | Does not affect Pipelines, since path-parse is not used by Pipelines. |
| CVE-2021-3918 | Critical | 1.20.2 | Does not affect Pipelines. Though the vulnerable library json-schema is a sub-dependency of request@2.88.2, the vulnerable function validate is not called from request. |
| CVE-2021-23358 | High | 1.20.2 | Does not affect Pipelines, since underscore@1.4.4 is a submodule of ssh-keygen and Pipelines is not calling the vulnerable template function. |
| CVE-2022-25648 | High | N/A | Does not impact Pipelines as core services control what commands are passed in to the git command. |