Data for SBOM Document ID: e6545de4-81a1-43a5-b212-076a02b32dc5

| Key | Value |
|---|---|
| Timestamp | 2023-09-06T08:55:46-04:00 |
| Signature | unsigned |
| Tool | Vendor: anchore; Name: syft; Version: 0.54.0 |
| Component | bom-ref: af63bd4c8601b7f1; Type: file; Name: . |

Total Components: 977

6.14 / 10

Vulnerability Severity Distribution

Total Vulnerabilities: 933

Critical: 319
High: 427
Medium: 139
Low: 48
None: 0

GHSA-rfx6-vp9g-rh7v
Severity: Critical

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist ...

GHSA-7rjr-3q55-vv33
Severity: Critical

Incomplete fix for Apache Log4j vulnerability...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

GHSA-gjmw-vf9h-g25v
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-fjq5-5j5f-mvxh
Severity: Critical

Deserialization of Untrusted Data in Apache commons collections...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-6fpp-rgj9-8rwc
Severity: Critical

Deserialization of untrusted data in FasterXML jackson-databind...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-fmmc-742q-jg75
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-rfx6-vp9g-rh7v
Severity: Critical

jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist ...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-f3j5-rmmp-3fc5
Severity: Critical

Improper Input Validation in jackson-databind...

GHSA-fmmc-742q-jg75
Severity: Critical

jackson-databind polymorphic typing issue...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

GHSA-h822-r4r5-v8jg
Severity: Critical

Polymorphic Typing issue in FasterXML jackson-databind...

Structural

Average: 10.0

| # | Description | Score |
|---|---|---|
| 1 | provided sbom is in a supported sbom format of spdx,cyclonedx | 10.0 |
| 2 | provided sbom should be in supported spec version for spec:1.4 and versions: 1.0,1.1,1.2,1.3,1.4 | 10.0 |
| 3 | provided sbom should be in supported file format for spec: json and version: json,xml | 10.0 |
| 4 | provided sbom is parsable | 10.0 |

NTIA-minimum-elements

Average: 6.5

| # | Description | Score |
|---|---|---|
| 1 | 0/978 have supplier names | 0.0 |
| 2 | 978/978 have names | 10.0 |
| 3 | 508/978 have versions | 5.2 |
| 4 | 978/978 have unique ID's | 10.0 |
| 5 | doc has 0 relationships | 0.0 |
| 6 | doc has 1 authors | 10.0 |
| 7 | doc has creation timestamp 2023-09-06T08:55:46-04:00 | 10.0 |

Semantic

Average: 3.3

| # | Description | Score |
|---|---|---|
| 1 | Doc Fields:true Pkg Fields:true | 10.0 |
| 2 | 0/978 have licenses | 0.0 |
| 3 | 0/978 have checksums | 0.0 |

Quality

Average: 5.7

| # | Description | Score |
|---|---|---|
| 1 | 0/978 components with valid license | 0.0 |
| 2 | 978/978 components have primary purpose specified | 10.0 |
| 3 | no licenses found | 0.0 |
| 4 | no licenses found | 0.0 |
| 5 | 976/978 components have any lookup id | 10.0 |
| 6 | 967/978 components have multiple lookup id | 9.9 |
| 7 | 1/1 tools have creator and version | 10.0 |

Sharing

Average: 0.0

| # | Description | Score |
|---|---|---|
| 1 | doc has a sharable license free 0 :: of 0 | 0.0 |