Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): vulnerabilities found in fabric-all-in-one #2056

Closed
zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2121
Closed

fix(security): vulnerabilities found in fabric-all-in-one #2056

zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2121
Labels
bug Something isn't working dependencies Pull requests that update a dependency file Fabric good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P4 Priority 4: Low Security Related to existing or potential security vulnerabilities

Comments

@zondervancalvez
Copy link
Contributor

List of vulnerabilities found in fabric-all-in-one image during Azure Container scan.

VULNERABILITY ID PACKAGE NAME SEVERITY
CVE-2021-36159 apk-tools CRITICAL
CVE-2021-30139 apk-tools HIGH
CVE-2022-28391 busybox CRITICAL
CVE-2021-28831 busybox HIGH
CVE-2021-42378 busybox HIGH
CVE-2021-42382 ssl_client HIGH
CVE-2021-42383 ssl_client HIGH
CVE-2021-42384 ssl_client HIGH
CVE-2021-42385 ssl_client HIGH
CVE-2021-42386 ssl_client HIGH
CVE-2022-1271 xz HIGH
CVE-2022-1271 xz-libs HIGH
CVE-2018-25032 zlib HIGH
@petermetz petermetz added Fabric dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities P3 Priority 3: Medium labels Jun 2, 2022
@petermetz
Copy link
Member

petermetz commented Jun 2, 2022
edited

Marking as P4 because the Fabric AIO image is not meant to be used in production.

@petermetz petermetz added bug Something isn't working P4 Priority 4: Low good-first-issue Good for newcomers Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. good-first-issue-300-advanced and removed P3 Priority 3: Medium labels Jun 2, 2022
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 19, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
e857eac 
Fixes hyperledger#2056
@zondervancalvez zondervancalvez mentioned this issue Jul 19, 2022
Merged
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 20, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
e189222 
Fixes hyperledger#2056
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 20, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
159e0b9 
Fixes hyperledger#2056
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 20, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
764397e 
Fixes hyperledger#2056
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 20, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
984b106 
Fixes hyperledger#2056
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Jul 23, 2022
@zondervancalvez @petermetz
fix(security): vulnerabilities found in fabric-all-in-one
09d7c73 
Fixes hyperledger#2056
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Jul 23, 2022
@zondervancalvez @petermetz
fix(security): vulnerabilities found in fabric-all-in-one
e9ae7a2 
Fixes hyperledger#2056
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 17, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
f51d344 
Fixes hyperledger#2056
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Aug 25, 2022
@zondervancalvez @petermetz
fix(security): vulnerabilities found in fabric-all-in-one
1218b25 
Fixes hyperledger#2056
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Sep 1, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
afdbc08 
Fixes hyperledger#2056

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Sep 1, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
b0e59f7 
Fixes hyperledger#2056

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Mar 31, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric-all-in-one
f5b56ac 
Fixes hyperledger#2056

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Apr 3, 2023
@zondervancalvez @sandeepnRES
fix(security): vulnerabilities found in fabric-all-in-one
77c64c3 
Fixes hyperledger#2056

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working dependencies Pull requests that update a dependency file Fabric good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P4 Priority 4: Low Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(security): vulnerabilities found in fabric-all-in-one zondervancalvez/cactus
2 participants
@petermetz @zondervancalvez