fix(tools/quorum-all-in-one): address CVE-2021-36159 and CVE-2022-28391 #2059
Labels
dependencies
Pull requests that update a dependency file
P4
Priority 4: Low
Quorum
Security
Related to existing or potential security vulnerabilities
Comments
petermetz added the Quorum, dependencies, Security and P4 labels on Jun 2, 2022
Marking as P4 because the Quorum AIO image is not meant to be used in production.
Hi @petermetz Can you assign me on this one? Thank you so much!
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Dec 23, 2022
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 3, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 4, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 5, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 5, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 5, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 6, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Jan 6, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez added a commit to aldousalvarez/cactus that referenced this issue on Feb 1, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
petermetz pushed a commit to aldousalvarez/cactus that referenced this issue on Mar 27, 2023
Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
petermetz changed the title from "fix(security): vulnerabilities found in quorum-all-in-one" to "fix(tools/quorum-all-in-one): address CVE-2021-36159 and CVE-2022-28391" on Apr 6, 2023
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue on Apr 10, 2023
Other, lower severity vulnerabilities are also being addressed by this change but the two big ones are the critical severity ones mentioned in the commit subject.
Most of the vulnerabilities are now fixed in quorum-all-in-one but there are still some that are not, because most of the remaining vulnerabilities are still new and are still waiting for the new changes to be pulled in and released on their respective package versions. And we tried to ask on the Quorum discussions on GitHub, as you can see here (Consensys/quorum#1513).
Here are the remaining vulnerabilities for quorum-all-in-one:
CVE-2022-3602 CVE-2022-3786 CVE-2022-3602 CVE-2022-3786 CVE-2022-42003 CVE-2022-42004 CVE-2022-45868 CVE-2022-1471 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149 CVE-2022-21698 CVE-2022-27664 CVE-2022-32149
Fixes hyperledger-cacti#2059
Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
List of vulnerabilities found in quorum-all-in-one image during Azure Container scan.