fix(security): vulnerabilities found in quorum-multi-party-all-in-one #2060

Closed
zondervancalvez opened this issue Jun 1, 2022 · 2 comments · Fixed by #2239
Labels
dependencies Pull requests that update a dependency file good-first-issue Good for newcomers good-first-issue-300-advanced P4 Priority 4: Low Quorum Security Related to existing or potential security vulnerabilities

Comments

@zondervancalvez
Contributor

List of vulnerabilities found in quorum-multi-party-all-in-one image during Azure Container scan.

| VULNERABILITY ID | PACKAGE NAME | SEVERITY |
| --- | --- | --- |
| CVE-2021-36159 | apk-tools | CRITICAL |
| CVE-2021-30139 | apk-tools | HIGH |
| CVE-2022-28391 | busybox | CRITICAL |
| CVE-2021-28831 | busybox | HIGH |
| CVE-2021-42378 | busybox | HIGH |
| CVE-2021-42379 | busybox | HIGH |
| CVE-2021-42380 | busybox | HIGH |
| CVE-2021-42381 | busybox | HIGH |
| CVE-2021-42382 | busybox | HIGH |
| CVE-2021-42383 | busybox | HIGH |
| CVE-2021-42384 | busybox | HIGH |
| CVE-2021-42385 | busybox | HIGH |
| CVE-2021-42386 | busybox | HIGH |
| CVE-2021-36222 | krb5-libs | HIGH |
| CVE-2021-41617 | openssh-client | HIGH |
| CVE-2021-41617 | openssh-keygen | HIGH |
| CVE-2021-3711 | openssl | CRITICAL |
| CVE-2021-3450 | openssl | HIGH |
| CVE-2021-3712 | openssl | HIGH |
| CVE-2022-0778 | openssl | HIGH |
| CVE-2022-28391 | ssl_client | CRITICAL |
| CVE-2021-28831 | ssl_client | HIGH |
| CVE-2021-42378 | ssl_client | HIGH |
| CVE-2021-42379 | ssl_client | HIGH |
| CVE-2021-42380 | ssl_client | HIGH |
| CVE-2021-42381 | ssl_client | HIGH |
| CVE-2021-42382 | ssl_client | HIGH |
| CVE-2021-42383 | ssl_client | HIGH |
| CVE-2021-42384 | ssl_client | HIGH |
| CVE-2021-42385 | ssl_client | HIGH |
| CVE-2021-42386 | ssl_client | HIGH |
| CVE-2022-1271 | xz | HIGH |
| CVE-2022-1271 | xz-libs | HIGH |
| CVE-2018-25032 | zlib | HIGH |
| CVE-2021-32810 | crossbeam-deque | CRITICAL |
| CVE-2022-24713 | regex | HIGH |
| CVE-2022-24713 | regex | HIGH |

@petermetz petermetz added dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities P4 Priority 4: Low Quorum good-first-issue Good for newcomers good-first-issue-300-advanced labels Jun 2, 2022
@petermetz
Member

P4 because the Quorum AIO images are not meant to be used in production.

@aldousalvarez
Contributor

@petermetz Hello, can you assign me to this one? Thank you so much.

aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue Dec 23, 2022
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue Jan 3, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue Jan 5, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
petermetz pushed a commit to aldousalvarez/cactus that referenced this issue Jan 25, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
petermetz pushed a commit to aldousalvarez/cactus that referenced this issue Mar 28, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz pushed a commit to aldousalvarez/cactus that referenced this issue Mar 29, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz pushed a commit to aldousalvarez/cactus that referenced this issue Mar 31, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Apr 2, 2023
Fixes hyperledger#2060

Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>