hyperledger / cacti

Hyperledger Cacti is a new approach to the blockchain interoperability problem
https://wiki.hyperledger.org/display/cactus
Apache License 2.0

fix(security): address CVE-2022-25881 #2718

Closed aldousalvarez closed 4 months ago

aldousalvarez commented 11 months ago

Based on the latest trivy vulnerability scan here, there is one remaining vulnerability that needs to be fixed on carbon-accounting-backend after using the version @2.0.0-alpha.1.

http-cache-semantics (package.json): Regular Expression Denial of Service (ReDoS) vulnerability | https://avd.aquasec.com/nvd/cve-2022-25881

- Package: carbon-accounting-backend
- Installed Version: 4.1.0
- Fixed Version: 4.1.1

jagpreetsinghsasan commented 4 months ago

Fixed by the PR #3146