Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): vulnerabilities found in fabric2-all-in-one #2057

Closed
zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2135
Closed

fix(security): vulnerabilities found in fabric2-all-in-one #2057

zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2135
Assignees
@zondervancalvez
Labels
bug Something isn't working dependencies Pull requests that update a dependency file Fabric good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P4 Priority 4: Low Security Related to existing or potential security vulnerabilities

Comments

@zondervancalvez
Copy link
Contributor

List of vulnerabilities found in fabric2-all-in-one image during Azure Container scan.

VULNERABILITY ID PACKAGE NAME SEVERITY
CVE-2021-36159 apk-tools CRITICAL
CVE-2021-30139 apk-tools HIGH
CVE-2022-28391 busybox CRITICAL
CVE-2021-28831 busybox HIGH
CVE-2021-42378 busybox HIGH
CVE-2021-3121 github.com/gogo/protobuf HIGH
CVE-2019-16884 github.com/opencontainers/runc HIGH
CVE-2019-19921 github.com/opencontainers/runc HIGH
CVE-2020-14040 golang.org/x/text HIGH
@petermetz petermetz added P4 Priority 4: Low dependencies Pull requests that update a dependency file Security Related to existing or potential security vulnerabilities Fabric labels Jun 2, 2022
@petermetz
Copy link
Contributor

Marking as P4 because the Fabric 2 AIO image is not meant to be used in production.

@petermetz petermetz added good-first-issue Good for newcomers Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. good-first-issue-300-advanced bug Something isn't working labels Jun 2, 2022
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 26, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
519ed11 
Fixes hyperledger-cacti#2057
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 26, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
291cf09 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 26, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
400c86d 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 9, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
bbfe167 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 11, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
4ddf803 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 11, 2022
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
c65ae79 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Apr 27, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
64aac35 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue May 4, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
b0717ca 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue May 4, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
7eef2ad 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue May 5, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
f77e6c4 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue May 9, 2023
@zondervancalvez @petermetz
fix(security): vulnerabilities found in fabric2-all-in-one
e41dbbd 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue May 25, 2023
@zondervancalvez @petermetz
fix(security): vulnerabilities found in fabric2-all-in-one
92ccf91 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jun 29, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
511b369 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jun 29, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
908b926 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 26, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
d447f97 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 15, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
a3f9b14 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Aug 15, 2023
@zondervancalvez
fix(security): vulnerabilities found in fabric2-all-in-one
ce3d750 
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <[email protected]>
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Aug 18, 2023
@zondervancalvez @petermetz
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17
b28ed21 
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes hyperledger-cacti#2057

Co-authored-by: Peter Somogyvari <[email protected]>

Signed-off-by: zondervancalvez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
@petermetz petermetz mentioned this issue Aug 18, 2023
Merged
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Aug 18, 2023
@zondervancalvez @petermetz
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17
efb6911 
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes hyperledger-cacti#2057

Co-authored-by: Peter Somogyvari <[email protected]>

Signed-off-by: zondervancalvez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
petermetz pushed a commit that referenced this issue Aug 18, 2023
@zondervancalvez @petermetz
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17
7864d5d 
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes #2057

Co-authored-by: Peter Somogyvari <[email protected]>

Signed-off-by: zondervancalvez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Dec 21, 2023
@zondervancalvez @sandeepnRES
tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17
2c4ee18 
Hard to dertermine which exact vulnerabilities will this be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes hyperledger-cacti#2057

Co-authored-by: Peter Somogyvari <[email protected]>

Signed-off-by: zondervancalvez <[email protected]>
Signed-off-by: Peter Somogyvari <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zondervancalvez zondervancalvez

Labels
bug Something isn't working dependencies Pull requests that update a dependency file Fabric good-first-issue Good for newcomers good-first-issue-300-advanced Hacktoberfest Hacktoberfest participants are welcome to take a stab at issues marked with this label. P4 Priority 4: Low Security Related to existing or potential security vulnerabilities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

tools(fabric2-all-in-one): fix multiple vulnerabilities - 2023-08-17 zondervancalvez/cactus
2 participants
@petermetz @zondervancalvez