Merge pull request wolfi-dev#848 from wolfi-dev/feature/management-ap…

…i-for-apache-cassandra

management-api-for-apache-cassandra

management-api-for-apache-cassandra.advisories.yaml

@@ -0,0 +1,102 @@
+schema-version: 2.0.2
+
+package:
+  name: management-api-for-apache-cassandra
+
+advisories:
+  - id: CVE-2020-36518
+    aliases:
+      - GHSA-57j2-w4cx-62h2
+    events:
+      - timestamp: 2024-01-14T18:15:03Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2021-46877
+    aliases:
+      - GHSA-3x8x-79m2-3w2w
+    events:
+      - timestamp: 2024-01-14T18:14:57Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-1471
+    aliases:
+      - GHSA-mjmj-j48q-9wg2
+    events:
+      - timestamp: 2024-01-14T18:25:44Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.11' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-25857
+    aliases:
+      - GHSA-3mc7-4q67-w48m
+    events:
+      - timestamp: 2024-01-14T18:21:41Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-38749
+    aliases:
+      - GHSA-c4r9-r8fh-9vj2
+    events:
+      - timestamp: 2024-01-14T18:22:30Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-38750
+    aliases:
+      - GHSA-hhhw-99gj-p3c3
+    events:
+      - timestamp: 2024-01-14T18:22:40Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-38751
+    aliases:
+      - GHSA-98wm-3w3q-mw94
+    events:
+      - timestamp: 2024-01-14T18:22:10Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-38752
+    aliases:
+      - GHSA-9w3m-gqgf-c4p9
+    events:
+      - timestamp: 2024-01-14T18:22:20Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-41854
+    events:
+      - timestamp: 2024-01-14T18:26:02Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.10' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-42003
+    aliases:
+      - GHSA-jjjh-jjxp-wpff
+    events:
+      - timestamp: 2024-01-14T18:15:07Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"
+
+  - id: CVE-2022-42004
+    aliases:
+      - GHSA-rgv9-q543-rqg4
+    events:
+      - timestamp: 2024-01-14T18:15:11Z
+        type: pending-upstream-fix
+        data:
+          note: "To fix the CVE, we have to upgrade 'swagger-jaxrs2' to '2.2.0' or later but this fix will require some code change since the upgrade cause to build fail due to compilation errors like: 'src/main/java/com/datastax/mgmtapi/resources/LifecycleResources.java:[425,28] cannot access com.fasterxml.jackson.core.exc.StreamWriteException'"