Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): vulnerabilities found in cactus-cmd-api-server #2039

Closed
zondervancalvez opened this issue May 24, 2022 · 2 comments · Fixed by #2321
Closed

fix(security): vulnerabilities found in cactus-cmd-api-server #2039

zondervancalvez opened this issue May 24, 2022 · 2 comments · Fixed by #2321
Labels
API_Server dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities

Comments

@zondervancalvez
Copy link
Contributor

List of vulnerabilities found in cactus-cmd-api-server image during Azure Container scan.

VULNERABILITY ID PACKAGE NAME SEVERITY
CVE-2021-3807 ansi-regex HIGH
CVE-2021-3807 ansi-regex HIGH
CVE-2021-43138 async HIGH
CVE-2022-22143 convict HIGH
CVE-2022-24771 node-forge HIGH
CVE-2022-24772 node-forge HIGH
CVE-2021-32803 tar HIGH
CVE-2021-32804 tar HIGH
CVE-2021-37701 tar HIGH
CVE-2021-37712 tar HIGH
CVE-2021-37713 tar HIGH
@petermetz petermetz added dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities P1 Priority 1: Highest API_Server labels May 31, 2022
@petermetz
Copy link
Member

Depends on #2054

@ruzell22
Copy link
Contributor

ruzell22 commented Jun 8, 2022

Hello @petermetz , can you assign me on this one? Thank you.

ruzell22 added a commit to ruzell22/cactus that referenced this issue Mar 15, 2023
@ruzell22
fix(security): vulnerabilities found in cactus-cmd-api-server hyperle…
9caac46 
…dger#2039

fixes: hyperledger#2039
Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
ruzell22 added a commit to ruzell22/cactus that referenced this issue Mar 15, 2023
@ruzell22
fix(security): vulnerabilities found in cactus-cmd-api-server hyperle…
d39625d 
…dger#2039

fixes: hyperledger#2039
Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
@ruzell22 ruzell22 mentioned this issue Mar 15, 2023
Merged
ruzell22 added a commit to ruzell22/cactus that referenced this issue Mar 28, 2023
@ruzell22
fix(security): vulnerabilities found in cactus-cmd-api-server hyperle…
652b6f2 
…dger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
ruzell22 added a commit to ruzell22/cactus that referenced this issue Mar 28, 2023
@ruzell22
fix(security): vulnerabilities found in cactus-cmd-api-server hyperle…
495098a 
…dger#2039 - fix CVE-2022-24434 and CVE-2022-24999

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
ruzell22 added a commit to ruzell22/cactus that referenced this issue Mar 29, 2023
@ruzell22
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
599676c 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
ryjones pushed a commit to ruzell22/cactus that referenced this issue Mar 29, 2023
@ruzell22 @ryjones
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
c06c54f 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
charellesandig pushed a commit to charellesandig/cactus that referenced this issue Apr 4, 2023
@ruzell22 @charellesandig
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
27a657f 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
charellesandig pushed a commit to charellesandig/cactus that referenced this issue Apr 13, 2023
@ruzell22 @charellesandig
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
93e35df 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
charellesandig pushed a commit to charellesandig/cactus that referenced this issue Apr 13, 2023
@ruzell22 @charellesandig
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
f56318a 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
charellesandig pushed a commit to charellesandig/cactus that referenced this issue Apr 20, 2023
@ruzell22 @charellesandig
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
fc7702f 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
charellesandig pushed a commit to charellesandig/cactus that referenced this issue May 2, 2023
@ruzell22 @charellesandig
fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…
03c81a8 
…ledger#2039

fixes: hyperledger#2039

related to: hyperledger#2241

Verified that these changes will fix the vulnerabilities in
cactus-cmd-api-server in addition to the following CVE IDs:
- CVE-2022-24434
- CVE-2022-24999 (express)
- CVE-2022-24999 (qs)

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
API_Server dependencies Pull requests that update a dependency file P1 Priority 1: Highest Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 #2039 ruzell22/cactus
3 participants
@petermetz @zondervancalvez @ruzell22