Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(connector-fabric): cve-2020-7774 Prototype Pollution high severity #745

Closed
petermetz opened this issue Mar 29, 2021 · 0 comments · Fixed by #746
Closed

fix(connector-fabric): cve-2020-7774 Prototype Pollution high severity #745

petermetz opened this issue Mar 29, 2021 · 0 comments · Fixed by #746
Assignees
@petermetz
Labels
bug Something isn't working Fabric Security Related to existing or potential security vulnerabilities

Comments

@petermetz
Copy link
Member

Describe the bug

GHSA-c4w7-xm78-47vh

To Reproduce

N/A

Expected behavior

N/A

Logs/Stack traces

N/A

Screenshots

N/A

Cloud provider or hardware configuration:

N/A

Operating system name, version, build:

N/A

Hyperledger Cactus release version or commit (git rev-parse --short HEAD):

main

Hyperledger Cactus Plugins/Connectors Used

  • Which DLT connectors are you using (Fabric, Quorum, Corda, Besu, etc.)

Fabric Connector

Add any other context about the problem here.

N/A

cc: @takeutak @sfuji822 @hartm @jonathan-m-hamilton @AzaharaC @jordigiam @kikoncuo @jagpreetsinghsasan
@petermetz petermetz added bug Something isn't working Security Related to existing or potential security vulnerabilities Fabric labels Mar 29, 2021
@petermetz petermetz self-assigned this Mar 29, 2021
petermetz added a commit to petermetz/cacti that referenced this issue Mar 29, 2021
@petermetz
fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. hy…
29b9d00 
…perledger#745

Attempt to get away with upgradaing the fabric-network
dependency to the current latest 1.4.x which is 17.
Fingers crossed that this does not introduce other regressions.

Fixes hyperledger#745

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
@petermetz petermetz mentioned this issue Mar 29, 2021
Merged
petermetz added a commit to petermetz/cacti that referenced this issue Mar 30, 2021
@petermetz
fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. hy…
4237139 
…perledger#745

Attempt to get away with upgradaing the fabric-network
dependency to the current latest 1.4.x which is 17.
Fingers crossed that this does not introduce other regressions.

Fixes hyperledger#745

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Mar 30, 2021
@petermetz
fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. hy…
b141541 
…perledger#745

Attempt to get away with upgradaing the fabric-network
dependency to the current latest 1.4.x which is 17.
Fingers crossed that this does not introduce other regressions.

Fixes hyperledger#745

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit to petermetz/cacti that referenced this issue Mar 30, 2021
@petermetz
fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. hy…
e6fc306 
…perledger#745

Attempt to get away with upgradaing the fabric-network
dependency to the current latest 1.4.x which is 17.
Fingers crossed that this does not introduce other regressions.

Fixes hyperledger#745

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Apr 2, 2021
@petermetz
fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. #745
6114cef 
Attempt to get away with upgradaing the fabric-network
dependency to the current latest 1.4.x which is 17.
Fingers crossed that this does not introduce other regressions.

Fixes #745

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petermetz petermetz

Labels
bug Something isn't working Fabric Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(connector-fabric): cve-2020-7774 Prototype Pollution high sev. #745 petermetz/cacti
1 participant
@petermetz