stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 16 Releases Wiki Activity
Files
main
git.stella-ops.org/samples/reachability/openvex-affected-sample.json
StellaOps Bot 6e45066e37
Some checks failed
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Policy Simulation / policy-simulate (push) Has been cancelled
Details
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
up
2025-12-13 09:37:15 +02:00

87 lines
3.5 KiB
JSON
Raw Permalink Blame History

{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://stellaops.example/vex/2025-12-13/CVE-2021-44228-affected",
"author": "StellaOps Policy Engine",
"role": "automated-scanner",
"timestamp": "2025-12-13T10:00:00Z",
"version": 1,
"tooling": "StellaOps/1.0.0",
"statements": [
{
"vulnerability": {
"@id": "CVE-2021-44228",
"name": "CVE-2021-44228",
"description": "Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints."
},
"products": [
{
"@id": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd",
"identifiers": {
"purl": "pkg:oci/myapp@sha256:abc123def456789012345678901234567890123456789012345678901234abcd"
},
"subcomponents": [
{
"@id": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
"identifiers": {
"purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"
}
}
]
}
],
"status": "affected",
"justification": "vulnerable_code_in_container",
"impact_statement": "Vulnerable Log4j error() method is reachable from main entry point via processRequest(). Runtime probes confirm 47 invocations observed.",
"action_statement": "Upgrade to log4j 2.17.1 or later. As a workaround, set log4j2.formatMsgNoLookups=true.",
"stellaops:reachability": {
"state": "CR",
"state_description": "ConfirmedReachable",
"confidence": 0.92,
"graph_hash": "blake3:a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"graph_cas_uri": "cas://reachability/graphs/a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"dsse_uri": "cas://reachability/graphs/a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2.dsse",
"path": [
{
"symbol_id": "sym:java:bWFpbi0xMjM0NTY3ODkwYWJjZGVm",
"code_id": "code:java:Y29kZS1tYWluLTEyMzQ1Njc4OTBhYmM",
"display": "com.example.app.Main.main(String[])",
"purl": "pkg:maven/com.example/app@1.0.0"
},
{
"symbol_id": "sym:java:cHJvY2Vzc1JlcXVlc3QtYWJjZGVm",
"code_id": "code:java:Y29kZS1wcm9jZXNzLWFiY2RlZjEy",
"display": "com.example.app.RequestHandler.processRequest(HttpRequest)",
"purl": "pkg:maven/com.example/app@1.0.0"
},
{
"symbol_id": "sym:java:bG9nRXJyb3ItMTIzNDU2Nzg5MGFiY2Q",
"code_id": "code:java:Y29kZS1sb2ctMTIzNDU2Nzg5MGFiY2Q",
"display": "org.apache.logging.log4j.Logger.error(String, Object...)",
"purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"
}
],
"path_length": 3,
"evidence": {
"static": {
"graph_hash": "blake3:a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"path_length": 3,
"confidence": 0.92
},
"runtime": {
"probe_id": "probe:jfr:scan-123-001",
"hit_count": 47,
"observed_at": "2025-12-13T09:45:00Z",
"observation_window": "24h"
}
},
"fact_digest": "sha256:e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6",
"fact_version": 3,
"analyzer": {
"name": "scanner.java",
"version": "1.2.0"
}
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink