fix(security): vulnerabilities found in cactus-whitepaper #2038

Closed
zondervancalvez opened this issue May 24, 2022 · 2 comments
Labels
dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation P3 Priority 3: Medium Security Related to existing or potential security vulnerabilities

Comments

@zondervancalvez
Contributor

List of vulnerabilities found in cactus-whitepaper image during Azure Container scan.

VULNERABILITY ID PACKAGE NAME SEVERITY
CVE-2021-36159 apk-tools CRITICAL
CVE-2021-30139 apk-tools HIGH
CVE-2022-28391 busybox CRITICAL
CVE-2021-28831 busybox HIGH
CVE-2021-42378 busybox HIGH
CVE-2021-42379 busybox HIGH
CVE-2021-42380 busybox HIGH
CVE-2021-42381 busybox HIGH
CVE-2021-42382 busybox HIGH
CVE-2021-42383 busybox HIGH
CVE-2021-42384 busybox HIGH
CVE-2021-42385 busybox HIGH
CVE-2021-42386 busybox HIGH
CVE-2020-35492 cairo HIGH
CVE-2020-35492 cairo-gobject HIGH
CVE-2022-22822 expat CRITICAL
CVE-2022-22823 expat CRITICAL
CVE-2022-22824 expat CRITICAL
CVE-2022-23852 expat CRITICAL
CVE-2022-23990 expat CRITICAL
CVE-2022-25235 expat CRITICAL
CVE-2022-25236 expat CRITICAL
CVE-2022-25315 expat CRITICAL
CVE-2021-45960 expat HIGH
CVE-2021-46143 expat HIGH
CVE-2022-22825 expat HIGH
CVE-2022-22826 expat HIGH
CVE-2022-22827 expat HIGH
CVE-2022-25314 expat HIGH
CVE-2022-27404 freetype CRITICAL
CVE-2021-43618 gmp HIGH
CVE-2021-20231 gnutls CRITICAL
CVE-2021-20232 gnutls CRITICAL
CVE-2022-1271 gzip HIGH
CVE-2021-3711 libcrypto1.1 CRITICAL
CVE-2021-3450 libcrypto1.1 HIGH
CVE-2021-3712 libcrypto1.1 HIGH
CVE-2022-0778 libcrypto1.1 HIGH
CVE-2021-33560 libgcrypt HIGH
CVE-2022-24407 libsasl HIGH
CVE-2021-3711 libssl1.1 CRITICAL
CVE-2021-3450 libssl1.1 HIGH
CVE-2021-3712 libssl1.1 HIGH
CVE-2022-0778 libssl1.1 HIGH
CVE-2021-31535 libx11 CRITICAL
CVE-2021-3517 libxml2 HIGH
CVE-2021-3518 libxml2 HIGH
CVE-2022-23308 libxml2 HIGH
CVE-2021-39537 ncurses-libs HIGH
CVE-2021-39537 ncurses-terminfo-base HIGH
CVE-2022-28391 ssl_client CRITICAL
CVE-2021-28831 ssl_client HIGH
CVE-2021-42378 ssl_client HIGH
CVE-2021-42379 ssl_client HIGH
CVE-2021-42380 ssl_client HIGH
CVE-2021-42381 ssl_client HIGH
CVE-2021-42382 ssl_client HIGH
CVE-2021-42383 ssl_client HIGH
CVE-2021-42384 ssl_client HIGH
CVE-2021-42385 ssl_client HIGH
CVE-2021-42386 ssl_client HIGH
CVE-2022-1271 xz HIGH
CVE-2022-1271 xz-libs HIGH
CVE-2018-25032 zlib HIGH
@petermetz petermetz added documentation Improvements or additions to documentation Security Related to existing or potential security vulnerabilities P3 Priority 3: Medium dependencies Pull requests that update a dependency file labels May 31, 2022
@petermetz
Member

Setting this to P3 because the whitepaper builder container does not get deployed to production.

micoferdinand98 added a commit to micoferdinand98/cactus that referenced this issue Aug 25, 2022
Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>
@micoferdinand98
Contributor

> Setting this to P3 because the whitepaper builder container does not get deployed to production.

Hello Peter, is this ticket available? I'll take it, Sir Peter.

micoferdinand98 added a commit to micoferdinand98/cactus that referenced this issue Apr 12, 2023
Fixes hyperledger#2038

Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>
micoferdinand98 added a commit to micoferdinand98/cactus that referenced this issue Apr 17, 2023
Fixes hyperledger#2038

Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>
micoferdinand98 added a commit to micoferdinand98/cactus that referenced this issue Apr 19, 2023
Fixes hyperledger#2038

Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>
petermetz pushed a commit to micoferdinand98/cactus that referenced this issue Jun 13, 2023
Fixes hyperledger#2038

Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>
petermetz pushed a commit to micoferdinand98/cactus that referenced this issue Jun 14, 2023
Fixes hyperledger#2038

Signed-off-by: micoferdinand98 <ferdinand.m.b.mico@accenture.com>