Security Scan Report

Service: eizen-abb-edge | Branch: vulnerability-scans | Build: #15 | Date: 2026-02-07 16:11:58
3 Critical | 16 High | 8 Medium | 3 Low

LLM Verification Summary

Model: qwen3:14b | Verified: 30/30
TRUE Positives: 1 FALSE Positives: 8 Needs Review: 21
CRITICAL OWASP-DC CVE-2025-49844: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 an FALSE POSITIVE
pkg:pypi/redis@5.0.1:0 CVE-2025-49844 | CVSS: 9.9 | CWE-416
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigg
LLM Analysis: The CVE-2025-49844 reference is invalid as CVE identifiers cannot contain future years. This appears to be a tool-generated false positive due to incorrect CVE metadata mapping.
Recommendation: Verify the CVE details through official sources (e.g., NVD) and update the tool configuration to avoid future false positives from invalid CVE references.
CRITICAL OWASP-DC CVE-2019-20478: In ruamel.yaml through 0.16.7, the load method allows remote code execution if the a NEEDS REVIEW
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2019-20478 | CVSS: 9.8 | CWE-NVD-CWE-noinfo
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unawa
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
CRITICAL OWASP-DC CVE-2023-30859: Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your TRUE POSITIVE
pkg:pypi/triton@3.5.1:0 CVE-2023-30859 | CVSS: 9.8 | CWE-419
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you en
LLM Analysis: CVE-2023-30859 is a real vulnerability in Triton allowing command execution via CustomPayload packets. The code snippet references the vulnerable functionality directly.
Recommendation: Upgrade Triton to a version patched against CVE-2023-30859 (minimum version 3.6.0 or later). Validate plugin versions using official repositories.
HIGH OWASP-DC CVE-2024-31449: Redis is an open source, in-memory database that persists on disk. An authenticated NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2024-31449 | CVSS: 8.8 | CWE-20
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potenti
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-46817: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 an NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2025-46817 | CVSS: 8.8 | CWE-190
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potential
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-32023: Redis is an open source, in-memory database that persists on disk. From 2.8 to befor FALSE POSITIVE
pkg:pypi/redis@5.0.1:0 CVE-2025-32023 | CVSS: 7.8 | CWE-680
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
HIGH OWASP-DC CVE-2019-14751: NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attack NEEDS REVIEW
pkg:pypi/nltk:0 CVE-2019-14751 | CVSS: 7.5 | CWE-22
NLTK Downloader before 3.4.5 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in an NLTK package (ZIP archive) that is mishandled during ex
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-3828: nltk is vulnerable to Inefficient Regular Expression Complexity NEEDS REVIEW
pkg:pypi/nltk:0 CVE-2021-3828 | CVSS: 7.5 | CWE-697
nltk is vulnerable to Inefficient Regular Expression Complexity
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-3842: nltk is vulnerable to Inefficient Regular Expression Complexity NEEDS REVIEW
pkg:pypi/nltk:0 CVE-2021-3842 | CVSS: 7.5 | CWE-1333
nltk is vulnerable to Inefficient Regular Expression Complexity
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2021-43854: NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, NEEDS REVIEW
pkg:pypi/nltk:0 CVE-2021-43854 | CVSS: 7.5 | CWE-400
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulne
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-21605: Redis is an open source, in-memory database that persists on disk. In versions start FALSE POSITIVE
pkg:pypi/redis@5.0.1:0 CVE-2025-21605 | CVSS: 7.5 | CWE-770
Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the ser
LLM Analysis: The CVE-2025-21605 does not exist (CVE numbers are not issued for future years). The code snippet provided is incomplete and does not contain exploitable logic. The description appears to be a generic Redis vulnerability summary misapplied to the code.
Recommendation: Ignore this finding as it represents a tool false positive due to incorrect CVE mapping and incomplete analysis.
HIGH OWASP-DC CVE-2025-48367: Redis is an open source, in-memory database that persists on disk. An unauthenticate FALSE POSITIVE
pkg:pypi/redis@5.0.1:0 CVE-2025-48367 | CVSS: 7.5 | CWE-770
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of servic
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NEEDS REVIEW
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NEEDS REVIEW
pkg:pypi/ruamel.yaml@0.19.1:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2022-3064: Parsing malicious or large YAML documents can consume excessive amounts of CPU or mem NEEDS REVIEW
pkg:pypi/yaml:0 CVE-2022-3064 | CVSS: 7.5 | CWE-400
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-46818: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 an NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2025-46818 | CVSS: 7.3 | CWE-94
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and po
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-46819: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 an FALSE POSITIVE
pkg:pypi/redis@5.0.1:0 CVE-2025-46819 | CVSS: 7.1 | CWE-125
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the ser
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
HIGH OWASP-DC CVE-2025-45770: jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disp NEEDS REVIEW
pkg:pypi/pyjwt@2.11.0:0 CVE-2025-45770 | CVSS: 7.0 | CWE-326
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is su
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
HIGH OWASP-DC CVE-2025-45770: jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disp FALSE POSITIVE
pkg:pypi/jwt:0 CVE-2025-45770 | CVSS: 7.0 | CWE-326
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is su
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
MEDIUM Bandit Possible binding to all interfaces. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/./src/api/edge_api.py:320
319         session_manager: SessionManager,
320         host: str = '0.0.0.0',
321         port: int = 8080,
322         device_id: str = "unknown",
323         config: Optional[Dict[str, Any]] = None
324     ):
325         self.session_manager = session_manager
326         self.host = host
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM Bandit Possible binding to all interfaces. FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/./src/config/constants.py:38
37 # ── API defaults ─────────────────────────────────────────────────────────────
38 DEFAULT_API_HOST: str = "0.0.0.0"
39 DEFAULT_API_PORT: int = 8096
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
MEDIUM Bandit Probable insecure usage of temp file/directory. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/machine_id_reader.py:250
249 # nosec: B108 - Intentional /tmp usage for Docker container host ID mounting
250 _tmp_base = "/tmp/hostid/"
251 _sys_dmi_base = "/sys/class/dmi/id/"
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM Bandit Possible binding to all interfaces. NEEDS REVIEW
/home/eizen-7/jenkins/workspace/new-scan/./src/utils/validation.py:189
188
189     if hostname in ('localhost', '127.0.0.1', '::1', '0.0.0.0') and not allow_private_ips:
190         return "Localhost addresses are not allowed"
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2024-31228: Redis is an open source, in-memory database that persists on disk. Authenticated use NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2024-31228 | CVSS: 6.5 | CWE-674
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NEEDS REVIEW
pkg:pypi/ruamel.yaml.clib@0.2.14:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NEEDS REVIEW
pkg:pypi/ruamel.yaml@0.19.1:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
MEDIUM OWASP-DC CVE-2021-4235: Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system NEEDS REVIEW
pkg:pypi/yaml:0 CVE-2021-4235 | CVSS: 5.5 | CWE-NVD-CWE-noinfo
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW Semgrep When `--extra-index-url` is used in a `pip install` command, this is usually meant to install a pac FALSE POSITIVE
/home/eizen-7/jenkins/workspace/new-scan/Dockerfile:26
LLM Analysis: LLM indicated false positive
Recommendation: Review manually
LOW OWASP-DC CVE-2023-45145: Redis is an in-memory database that persists on disk. On startup, Redis begins liste NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2023-45145 | CVSS: 3.6 | CWE-668
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2)
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required
LOW OWASP-DC CVE-2022-3647: ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Red NEEDS REVIEW
pkg:pypi/redis@5.0.1:0 CVE-2022-3647 | CVSS: 3.3 | CWE-404
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. Th
LLM Analysis: LLM verification inconclusive
Recommendation: Manual review required