Posted to issues@zookeeper.apache.org by "Debanjan Bhowmick (Jira)" <ji...@apache.org> on 2022/03/03 04:08:00 UTC

[jira] [Created] (ZOOKEEPER-4484) Security Vulnerabilities in Apache ZooKeeper image

Debanjan Bhowmick created ZOOKEEPER-4484:
--------------------------------------------

             Summary: Security Vulnerabilities in Apache ZooKeeper image
                 Key: ZOOKEEPER-4484
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4484
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.7.0
            Reporter: Debanjan Bhowmick
         Attachments: 0-02-03-43ecbd3105b8acb3dabd52683aac076b818c698c721c89070024677252b5a017_1c6da8c1746854.png

We have found the following list of CRITICAL security vulnerabilities present in the official ZooKeeper image:


||Vulnerability ID||Component||Infected versions||Fixed versions||
|CVE-2021-33574|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|XRAY-179837|io.netty:netty-codec:4.1.59.Final|< 4.1.66.Final|4.1.66.Final|
|CVE-2022-23307|log4j:log4j:1.2.17|All Versions|N/A|
|CVE-2019-17571|log4j:log4j:1.2.17|≤ 1.2.17|N/A|
|CVE-2022-23305|log4j:log4j:1.2.17|1.1.0 ≤ Version ≤ 1.2.17|N/A|
|CVE-2022-23219|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|CVE-2022-23218|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|


Can you please help us with the fix, or update us on the release of security patches and their respective timelines?

 


