Posted to issues@zookeeper.apache.org by "Mate Szalay-Beko (Jira)" <ji...@apache.org> on 2022/03/03 07:15:00 UTC

[jira] [Resolved] (ZOOKEEPER-4484) Critical Security Vulnerabilities in Apache ZooKeeper image

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-4484?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mate Szalay-Beko resolved ZOOKEEPER-4484.
-----------------------------------------
    Resolution: Invalid

> Critical Security Vulnerabilities in Apache ZooKeeper image
> -----------------------------------------------------------
>
>                 Key: ZOOKEEPER-4484
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4484
>             Project: ZooKeeper
>          Issue Type: Bug
>    Affects Versions: 3.7.0
>            Reporter: Debanjan Bhowmick
>            Priority: Critical
>         Attachments: 0-02-03-43ecbd3105b8acb3dabd52683aac076b818c698c721c89070024677252b5a017_1c6da8c1746854.png
>
>
> We have found the below list of CRITICAL security vulnerabilities present in the official ZooKeeper image:
> ||Vulnerability ID||Component||Infected versions||Fixed versions||
> |CVE-2021-33574|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
> |XRAY-179837|io.netty:netty-codec:4.1.59.Final|< 4.1.66.Final|4.1.66.Final|
> |CVE-2022-23307|log4j:log4j:1.2.17|All Versions|N/A|
> |CVE-2019-17571|log4j:log4j:1.2.17|≤ 1.2.17|N/A|
> |CVE-2022-23305|log4j:log4j:1.2.17|1.1.0 ≤ Version ≤ 1.2.17|N/A|
> |CVE-2022-23219|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
> |CVE-2022-23218|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
> Can you please help us with the fix or update us on the release of security patches and also their respective timelines.
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)