[jira] [Created] (ZOOKEEPER-4484) Security Vulnerabilities in Apache Zookeper image

Debanjan Bhowmick (Jira) Wed, 02 Mar 2022 20:08:05 -0800

Debanjan Bhowmick created ZOOKEEPER-4484:
--------------------------------------------


             Summary: Security Vulnerabilities in Apache Zookeper image
                 Key: ZOOKEEPER-4484
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4484
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.7.0
            Reporter: Debanjan Bhowmick
         Attachments: 
0-02-03-43ecbd3105b8acb3dabd52683aac076b818c698c721c89070024677252b5a017_1c6da8c1746854.png

We have found this below list of CRITICAL Security vulnerabilties present in 
the official zookeper image -


||Vulnerability ID||Component||Infected versions||Fixed versions||
|CVE-2021-33574|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|XRAY-179837|io.netty:netty-codec:4.1.59.Final|< 4.1.66.Final|4.1.66.Final|
|CVE-2022-23307|log4j:log4j:1.2.17|All Versions|N/A|
|CVE-2019-17571|log4j:log4j:1.2.17|≤ 1.2.17|N/A|
|CVE-2022-23305|log4j:log4j:1.2.17|1.1.0 ≤ Version ≤ 1.2.17|N/A|
|CVE-2022-23219|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|
|CVE-2022-23218|debian:bullseye:libc6:2.31-13+deb11u2|N/A|N/A|


Can you please help us with the fix or update us on the release of security 
patches and also their respective timelines.

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Created] (ZOOKEEPER-4484) Security Vulnerabilities in Apache Zookeper image

Reply via email to