Vulnerable dependencies in CA documentation
benjsmi opened this issue · 0 comments
benjsmi commented
NB: Please note that this issue is in progress and will be updated.
I have decided to amalgamate these all into one list to make things easier for the Hyperledger Fabric team. @denyeart explained that JARs/dependencies with known vulnerabilities are OK to report via GitHub issue. So here we go.
| Name | Found in Code | CVEs | Due Date | Status |
|---|---|---|---|---|
| Babel-2.3.4-py2.py3-none-any.whl | https://github.com/hyperledger/fabric-ca/blob/main/docs/requirements.txt#L9 | https://nvd.nist.gov/vuln/detail/CVE-2021-42771 | Aug 21, 2023 | #367 merged. ✅ |
| Pygments-2.1.3-py2.py3-none-any.whl | https://github.com/hyperledger/fabric-ca/blob/main/docs/requirements.txt#L14 | https://nvd.nist.gov/vuln/detail/CVE-2021-27291, https://nvd.nist.gov/vuln/detail/CVE-2021-20270 | Aug 21, 2023 | #367 merged. ✅ |