You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Debanjan Bhowmick (Jira)" <ji...@apache.org> on 2022/03/03 04:08:00 UTC
[jira] [Created] (ZOOKEEPER-4484) Security Vulnerabilities in Apache Zookeper image
Debanjan Bhowmick created ZOOKEEPER-4484:
--------------------------------------------
Summary: Security Vulnerabilities in Apache Zookeper image
Key: ZOOKEEPER-4484
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4484
Project: ZooKeeper
Issue Type: Bug
Affects Versions: 3.7.0
Reporter: Debanjan Bhowmick
Attachments: 0-02-03-43ecbd3105b8acb3dabd52683aac076b818c698c721c89070024677252b5a017_1c6da8c1746854.png
We have found this below list of CRITICAL Security vulnerabilties present in the official zookeper image -
||Vulnerability ID||Component||Infected versions||Fixed versions||
|CVE-2021-33574|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|XRAY-179837|io.netty:netty-codec:4.1.59.Final|< 4.1.66.Final|4.1.66.Final|
|CVE-2022-23307|log4j:log4j:1.2.17|All Versions|N/A|
|CVE-2019-17571|log4j:log4j:1.2.17|≤ 1.2.17|N/A|
|CVE-2022-23305|log4j:log4j:1.2.17|1.1.0 ≤ Version ≤ 1.2.17|N/A|
|CVE-2022-23219|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|CVE-2022-23218|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
Can you please help us with the fix or update us on the release of security patches and also their respective timelines.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)