fix(cmd-socketio-server): fix Prototype Pollution in nconf #2684
Assignees
Labels
bug
Something isn't working
dependencies
Pull requests that update a dependency file
dependent
good-first-issue
Good for newcomers
good-first-issue-200-intermediate
Hacktoberfest
Hacktoberfest participants are welcome to take a stab at issues marked with this label.
P2
Priority 2: High
Security
Related to existing or potential security vulnerabilities
Milestone
Comments
|
This PR/issue depends on:
|
petermetz
added a commit
to petermetz/cacti
that referenced
this issue
Sep 11, 2023
Depends on hyperledger-cacti#2562 - build(deps): fix npm (grpc) build on NodeJS v20.4.0 Fixes hyperledger-cacti#2684 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES
pushed a commit
to petermetz/cacti
that referenced
this issue
Sep 20, 2023
Depends on hyperledger-cacti#2562 - build(deps): fix npm (grpc) build on NodeJS v20.4.0 Fixes hyperledger-cacti#2684 Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz
added a commit
to petermetz/cacti
that referenced
this issue
Oct 16, 2023
Depends on hyperledger-cacti#2562 - build(deps): fix npm (grpc) build on NodeJS v20.4.0 Fixes hyperledger-cacti#2684 [skip ci] Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
|
Fixed in another change as explained by #2685 (comment) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
CVE ID
: CVE-2022-21803
GHSA ID: GHSA-6xwr-q98w-rvg7
https://github.com/hyperledger/cacti/security/dependabot/131
See advisory in GitHub Advisory Database
Depends on #2563
This can't be completely fixed until the above linked PR/issue is also resolved because an old version of nconf is being used by the old version of the Fabric NodeJS libraries (which is being resolved by the parent PR/issue)
The text was updated successfully, but these errors were encountered: