Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): vulnerabilities found in quorum-all-in-one #2746

Closed
zondervancalvez opened this issue Oct 5, 2023 · 0 comments
Closed

fix(security): vulnerabilities found in quorum-all-in-one #2746

zondervancalvez opened this issue Oct 5, 2023 · 0 comments

Comments

@zondervancalvez
Copy link
Contributor

Description

Vulnerabilities were found during the container scan of quorum-all-in-one image using Trivy.
See the list below:

LIBRARY VULNERABILITY AFFECTED VERSION FIXED VERSION
libssl3 CVE-2022-3602
CVE-2022-3786
CVE-2023-0286		 3.0.2-0ubuntu1.6 3.0.2-0ubuntu1.7

3.0.2-0ubuntu1.8
openssl CVE-2022-3602
CVE-2022-3786
CVE-2023-0286		 3.0.2-0ubuntu1.6  3.0.2-0ubuntu1.7

3.0.2-0ubuntu1.8
com.fasterxml.jackson.core:jackson-databind (jackson-databind-2.13.3.jar) CVE-2022-42003
CVE-2022-42004		 2.13.3 2.12.7.1, 2.13.4.1

2.12.7.1, 2.13.4
com.h2database:h2 (h2-2.1.212.jar) CVE-2022-45868 2.1.212 2.2.220
org.yaml:snakeyaml (snakeyaml-1.30.jar) CVE-2022-1471
CVE-2022-25857		 1.3 2

1.31
github.com/prometheus/client_golang CVE-2022-21698 v1.0.0 1.11.1
golang.org/x/net CVE-2022-27664
CVE-2022-41723		 v0.0.0-20220425223048-2871e0cb64e4 0.0.0-20220906165146-f3363e06e74c

0.7.0
golang.org/x/text CVE-2022-32149 v0.3.7 0.3.8
@zondervancalvez zondervancalvez closed this as not planned Won't fix, can't repro, duplicate, stale Oct 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zondervancalvez