fix(tools/quorum-all-in-one): address CVE-2021-36159 and CVE-2022-28391 #2240
Commits on Apr 6, 2023
-
fix(tools/quorum-all-in-one): address CVE-2021-36159 and CVE-2022-28391
Other, lower severity vulnerabilities are also being addressed by this change but the two big ones are the critical severity ones mentioned in the commit subject. Most of the vulnerabilities are now fixed in quorum-all-in-one but there are still some that are not because most of the remaining vulnerabilities are still new and is still waiting for the new changes to be pulled in and released on their respective package versions. And we tried to ask on the quorum discussions on github as you can see here. (Consensys/quorum#1513). Here are the remaining vulnerabilities for quorum-all-in-one: CVE-2022-3602 CVE-2022-3786 CVE-2022-3602 CVE-2022-3786 CVE-2022-42003 CVE-2022-42004 CVE-2022-45868 CVE-2022-1471 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149 Fixes hyperledger#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com> Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.