Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): address CVE-2021-3749 - axios >=0.22.0 #2790

Closed
petermetz opened this issue Oct 13, 2023 · 0 comments · Fixed by #2792
Closed

fix(security): address CVE-2021-3749 - axios >=0.22.0 #2790

petermetz opened this issue Oct 13, 2023 · 0 comments · Fixed by #2792
Assignees
@petermetz
Labels
dependencies Pull requests that update a dependency file good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P2 Priority 2: High Security Related to existing or potential security vulnerabilities
Milestone
v2.0.0

Comments

@petermetz
Copy link
Member

Description

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses

CVE ID: CVE-2021-3749
GHSA ID: GHSA-cph5-m8f7-6c5x
@petermetz petermetz added good-first-issue Good for newcomers dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. good-first-issue-300-advanced P2 Priority 2: High labels Oct 13, 2023
@petermetz petermetz added this to the v2.0.0 milestone Oct 13, 2023
@petermetz petermetz self-assigned this Oct 13, 2023
@petermetz petermetz changed the title fix(security): address fix(security): address CVE-2021-3749 - axios >=0.22.0 Oct 13, 2023
petermetz added a commit to petermetz/cacti that referenced this issue Oct 13, 2023
@petermetz
fix(security): address CVE-2021-3749 - axios >=0.22.0
1eb0017 
Ensured that axios is updated to >=0.22.0 in all packages that use it.

The only place where it was not possible to upgrade it through upgrading
transitive dependencies was the ubiquity connector package so for that one
I forced the issue through the resolutions section of the root package.json.

-----------------------------------------------

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses
- [WeaknessCWE-400](https://cwe.mitre.org/data/definitions/400.html)
- [WeaknessCWE-1333](https://cwe.mitre.org/data/definitions/1333.html)

CVE ID: `CVE-2021-3749`
GHSA ID: `GHSA-cph5-m8f7-6c5x`

Fixes hyperledger#2790

[skip ci]

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
@petermetz petermetz mentioned this issue Oct 13, 2023
Merged
petermetz added a commit to petermetz/cacti that referenced this issue Oct 18, 2023
@petermetz
fix(security): address CVE-2021-3749 - axios >=0.22.0
ea4a50e 
Ensured that axios is updated to >=0.22.0 in all packages that use it.

The only place where it was not possible to upgrade it through upgrading
transitive dependencies was the ubiquity connector package so for that one
I forced the issue through the resolutions section of the root package.json.

-----------------------------------------------

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses
- [WeaknessCWE-400](https://cwe.mitre.org/data/definitions/400.html)
- [WeaknessCWE-1333](https://cwe.mitre.org/data/definitions/1333.html)

CVE ID: `CVE-2021-3749`
GHSA ID: `GHSA-cph5-m8f7-6c5x`

Fixes hyperledger#2790

[skip ci]

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz added a commit that referenced this issue Oct 18, 2023
@petermetz
fix(security): address CVE-2021-3749 - axios >=0.22.0
61fc700 
Ensured that axios is updated to >=0.22.0 in all packages that use it.

The only place where it was not possible to upgrade it through upgrading
transitive dependencies was the ubiquity connector package so for that one
I forced the issue through the resolutions section of the root package.json.

-----------------------------------------------

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses
- [WeaknessCWE-400](https://cwe.mitre.org/data/definitions/400.html)
- [WeaknessCWE-1333](https://cwe.mitre.org/data/definitions/1333.html)

CVE ID: `CVE-2021-3749`
GHSA ID: `GHSA-cph5-m8f7-6c5x`

Fixes #2790

[skip ci]

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
@petermetz @sandeepnRES
fix(security): address CVE-2021-3749 - axios >=0.22.0
0b6e654 
Ensured that axios is updated to >=0.22.0 in all packages that use it.

The only place where it was not possible to upgrade it through upgrading
transitive dependencies was the ubiquity connector package so for that one
I forced the issue through the resolutions section of the root package.json.

-----------------------------------------------

The GitHub Cacti security advisory: https://github.com/hyperledger/cacti/security/dependabot/361

The general GitHub security advisory: GHSA-cph5-m8f7-6c5x

Weaknesses
- [WeaknessCWE-400](https://cwe.mitre.org/data/definitions/400.html)
- [WeaknessCWE-1333](https://cwe.mitre.org/data/definitions/1333.html)

CVE ID: `CVE-2021-3749`
GHSA ID: `GHSA-cph5-m8f7-6c5x`

Fixes hyperledger#2790

[skip ci]

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@petermetz petermetz

Labels
dependencies Pull requests that update a dependency file good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P2 Priority 2: High Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
v2.0.0
Development

Successfully merging a pull request may close this issue.

fix(security): address CVE-2021-3749 - axios >=0.22.0 petermetz/cacti
1 participant
@petermetz