fix(security): vulnerabilities found in test-npm-registry #2061

Closed
zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2208
Labels
- dependencies: Pull requests that update a dependency file
- good-first-issue: Good for newcomers
- good-first-issue-300-advanced
- P4: Priority 4: Low
- Security: Related to existing or potential security vulnerabilities
- Tests: Anything related to tests be that automatic or manual, integration or unit, etc.

Comments

@zondervancalvez
Contributor

List of vulnerabilities found in test-npm-registry image during Azure Container scan.

| VULNERABILITY ID | PACKAGE NAME | SEVERITY |
| --- | --- | --- |
| CVE-2021-36159 | apk-tools | CRITICAL |
| CVE-2021-30139 | apk-tools | HIGH |
| CVE-2021-42378 | busybox | HIGH |
| CVE-2021-42379 | busybox | HIGH |
| CVE-2021-42380 | busybox | HIGH |
| CVE-2021-42381 | busybox | HIGH |
| CVE-2021-42382 | busybox | HIGH |
| CVE-2021-42383 | busybox | HIGH |
| CVE-2021-42384 | busybox | HIGH |
| CVE-2021-42385 | busybox | HIGH |
| CVE-2021-42386 | busybox | HIGH |
| CVE-2021-3711 | libcrypto1.1 | CRITICAL |
| CVE-2021-3712 | libcrypto1.1 | HIGH |
| CVE-2021-3711 | libssl1.1 | CRITICAL |
| CVE-2021-3712 | libssl1.1 | HIGH |
| CVE-2021-3711 | openssl | CRITICAL |
| CVE-2021-3712 | openssl | HIGH |
| CVE-2021-42378 | ssl_client | HIGH |
| CVE-2021-42379 | ssl_client | HIGH |
| CVE-2021-42380 | ssl_client | HIGH |
| CVE-2021-42381 | ssl_client | HIGH |
| CVE-2021-42382 | ssl_client | HIGH |
| CVE-2021-42383 | ssl_client | HIGH |
| CVE-2021-42384 | ssl_client | HIGH |
| CVE-2021-42385 | ssl_client | HIGH |
| CVE-2021-42386 | ssl_client | HIGH |
| CVE-2021-3807 | ansi-regex | HIGH |
| CVE-2021-3807 | ansi-regex | HIGH |
| CVE-2021-43138 | async | HIGH |
| CVE-2021-3918 | json-schema | CRITICAL |
| CVE-2020-8203 | lodash | HIGH |
| CVE-2021-23337 | lodash | HIGH |
| CVE-2022-21680 | marked | HIGH |
| CVE-2022-21681 | marked | HIGH |
| CVE-2021-44906 | minimist | CRITICAL |
| CVE-2021-27290 | ssri | HIGH |
| CVE-2021-32803 | tar | HIGH |
| CVE-2021-32804 | tar | HIGH |
| CVE-2021-37701 | tar | HIGH |
| CVE-2021-37712 | tar | HIGH |
| CVE-2021-37713 | tar | HIGH |

petermetz added the good-first-issue, dependencies, Security, good-first-issue-300-advanced, P4 and Tests labels on Jun 2, 2022

@petermetz
Member

P4 because this is a test utility.

ruzell22 added a commit to ruzell22/cactus that referenced this issue Nov 17, 2022
fixes: hyperledger#2061
Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
petermetz pushed a commit to ruzell22/cactus that referenced this issue Nov 20, 2022
fixes: hyperledger#2061
Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
petermetz pushed a commit that referenced this issue Nov 20, 2022
fixes: #2061
Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>