thingsboard advisories #7353

28 changes: 28 additions & 0 deletions thingsboard.advisories.yaml
Expand Up @@ -21,6 +21,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:36:25Z
type: pending-upstream-fix
data:
note: This is a transitive dependency to wire schema which would have to be bumped across major versions (3.7.1-4.0.0)

- id: CGA-63mv-w982-8q6x
aliases:
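Review bot: The note here spells the artifact "wire schema" while the CGA-crm9 entry below spells it "wire-schema"; use the real artifact id (wire-schema) in all three wire-schema notes (this one, CGA-crm9 and CGA-gvqr) so the entries can be found together. The range "(3.7.1-4.0.0)" also reads like a single version string; write it as "from 3.7.1 to 4.0.0". Since the type is pending-upstream-fix, the note should also say which upstream (thingsboard or wire-schema) is expected to ship the fix, ideally with a link to the tracking issue, so the entry can be re-checked later.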
Expand All @@ -39,6 +43,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:35:05Z
type: pending-upstream-fix
data:
note: This is a transitive dependency to azure-client-authentication which was last updated 3 years ago

- id: CGA-895x-8fhr-cfcr
aliases:
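Review bot: "last updated 3 years ago" goes stale the moment it is written and gives nothing to verify; record the last released version or release date of azure-client-authentication instead. A dependency with no release in three years also sits awkwardly under pending-upstream-fix, which implies a fix is expected: if no upstream release is coming, fix-not-planned with the same note, or a note naming the thingsboard change that would drop the dependency, describes the situation more accurately.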
Expand All @@ -57,6 +65,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:34:15Z
type: pending-upstream-fix
data:
note: This vulnerability is present in 2 versions of json-smart, one of which is a transitive dependency to azure-client-authentication which was last updated 3 years ago, and the other is not present as a dependency but inside of a jar

- id: CGA-97fq-p5p8-prgr
aliases:
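Review bot: "the other is not present as a dependency but inside of a jar" does not say which jar bundles the second json-smart copy; name it, because a shaded copy cannot be fixed by a dependency bump and the only location the scanner reports is tb-mqtt-transport.jar. The relative "last updated 3 years ago" wording from the previous entry applies here as well; put a version or date in the note.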
Expand All @@ -75,6 +87,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:35:57Z
type: pending-upstream-fix
data:
note: This vulnerability is present in 2 versions of json-smart, one of which is a transitive dependency to azure-client-authentication which was last updated 3 years ago, and the other is not present as a dependency but inside of a jar

- id: CGA-crm9-p3mr-qc4q
aliases:
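Review bot: This note is a verbatim copy of the CGA-895x note above; cross-reference that id here (and this id there) so both json-smart findings are re-evaluated together once the jar bundling the second copy is identified.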
Expand All @@ -93,6 +109,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:33:17Z
type: pending-upstream-fix
data:
note: This is a transitive dependency to wire-schema which would have to be bumped across major versions (3.7.1-4.0.0)

- id: CGA-gvqr-m7rp-72vj
aliases:
Expand All @@ -111,6 +131,10 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:36:49Z
type: pending-upstream-fix
data:
note: This is a transitive dependency to wire schema which would have to be bumped across major versions (3.7.1-4.0.0)

- id: CGA-xv4j-9m39-wrpw
aliases:
Expand All @@ -129,3 +153,7 @@ advisories:
componentType: java-archive
componentLocation: /usr/share/tb-mqtt-transport/bin/tb-mqtt-transport.jar
scanner: grype
- timestamp: 2024-09-03T17:40:12Z
type: pending-upstream-fix
data:
note: This CVE is a transitive dependency to spring. Bumping the entirety of spring causes issues with thingsboard-transport
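Review bot: "This CVE is a transitive dependency to spring" conflates the CVE with the package; write it as "the affected artifact is a transitive dependency pulled in by spring". "causes issues with thingsboard-transport" is too vague to act on later: state what breaks (compile error, failing tests, runtime failure) and which spring artifact and version were tried, so the next person can judge whether bumping only the affected artifact, rather than "the entirety of spring", is an option.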