fix(security): address CVE-2022-29244, CVE-2021-39135 #2136
Comments
Hello @petermetz can you assign me on this one? Thanks
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue Jul 28, 2022
Fixes hyperledger-cacti#2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
This was referenced Jul 28, 2022
petermetz pushed a commit that referenced this issue Aug 5, 2022
Fixes #2136 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Based on the latest Azure container scan, there are new vulnerabilities detected on the following packages:
cactus-example-supply-chain-app - (npm)
cactus-example-carbon-accounting - (npm)
cactus-cmd-api-server - (npm, @npmcli/arborist)
Packing does not respect root-level ignore files in workspaces - GHSA-hj9c-8jmm-8c52 (CVE-2022-29244)
Package: npm
Affected versions: >=7.9.0, <8.11.0
Patched Versions: 8.11.0
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist - GHSA-gmw6-94gg-2rc2 (CVE-2021-39135)
Package: @npmcli/arborist
Affected versions: < 2.8.2
Patched Versions: 2.8.2 (included in npm v7.20.7 and above)
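A lockfile check for the two affected ranges listed above, as an added example that is not part of the original issue or the Cactus code base. `ADVISORIES`, `findAffected` and the sample lockfile are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```javascript
// Affected ranges as quoted in the issue (min inclusive, fixed exclusive).
const ADVISORIES = [
  { id: "CVE-2022-29244", pkg: "npm", min: "7.9.0", fixed: "8.11.0" },
  { id: "CVE-2021-39135", pkg: "@npmcli/arborist", min: "0.0.0", fixed: "2.8.2" },
];

// Parse "x.y.z" into numbers; pre-release/build suffixes are ignored (simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findAffected(lock) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !entry.version) continue; // root, workspace and link entries
    for (const adv of ADVISORIES) {
      const inRange = compare(entry.version, adv.min) >= 0 && compare(entry.version, adv.fixed) < 0;
      if (name === adv.pkg && inRange) hits.push({ id: adv.id, path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from the Cactus repository).
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "": { name: "sample-app", version: "1.0.0" },
  "node_modules/npm": { version: "7.20.3" },
  "node_modules/npm/node_modules/@npmcli/arborist": { version: "2.8.0" },
  "node_modules/other/node_modules/npm": { version: "8.11.0" },
  "node_modules/@npmcli/arborist": { version: "2.8.2" },
} };

console.log(findAffected(SAMPLE_LOCK));
```

Nested copies matter here: the sample flags the `@npmcli/arborist` 2.8.0 bundled under `npm` even though the top-level copy is already at the patched 2.8.2.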