  1. Couchbase Server
  2. MB-36105

Security review and follow up needed for reported Security Vulnerabilities


Details

    • Task
    • Resolution: Unresolved
    • Critical
    • None
    • None
    • None

    Description

      There are 4 HIGH and 8 MEDIUM security vulnerabilities reported in the recent BlackDuck scan for 6.5 (Mad Hatter). By drilling into BlackDuck you can see the components that use the vulnerable 3rd-party code, as well as the recommended version to upgrade to in order to alleviate the issues.

      Attached is a screenshot of the report showing the 4 HIGH and 8 MEDIUM risk 3rd party components.

      Please use https://blackduck.build.couchbase.com/ui/versions/id:89df6d53-92c8-4993-b8c9-2e2a0f6e735e/view:bom?filter=securityRisk%3Amedium&filter=securityRisk%3Acritical&filter=securityRisk%3Ahigh&sortField=projectName&ascending=true&offset=0&inUseOnly=true to assess each vulnerability and create tickets for build/component teams as needed to ensure these are addressed in Mad Hatter by RCs.  

      The original request for this analysis was CBD-2989 back in June, which I'll link so as not to have duplicate efforts and to ensure the most recent scan is used. Since it is now late in the release cycle, marking this as critical and setting a due date for Security PM follow-up and for actionable tickets to be filed by Sept 24.

      Attachments


        Activity

          People

            lynn.straus Lynn Straus (Inactive)
            lynn.straus Lynn Straus (Inactive)