Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4484

Critical Security Vulnerabilities in Apache Zookeper image

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Invalid
    • 3.7.0
    • None
    • None
    • None

    Description

      We have found this below list of CRITICAL Security vulnerabilties present in the official zookeper image -

      Vulnerability ID Component Infected versions Fixed versions
      CVE-2021-33574 debian:bullseye:libc6:2.31-13+deb11u2 N/A N/A
      XRAY-179837 io.netty:netty-codec:4.1.59.Final < 4.1.66.Final 4.1.66.Final
      CVE-2022-23307 log4j:log4j:1.2.17 All Versions N/A
      CVE-2019-17571 log4j:log4j:1.2.17 ≤ 1.2.17 N/A
      CVE-2022-23305 log4j:log4j:1.2.17 1.1.0 ≤ Version ≤ 1.2.17 N/A
      CVE-2022-23219 debian:bullseye:libc6:2.31-13+deb11u2 N/A N/A
      CVE-2022-23218 debian:bullseye:libc6:2.31-13+deb11u2 N/A N/A

      Can you please help us with the fix or update us on the release of security patches and also their respective timelines.

       

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-3995 Vulnerabilities in components packaged in zookeeper docker

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Task - A task that needs to be done. ZOOKEEPER-4426 Fix Docker Hub Zookeeper-Versions to CVE-2021-44228

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              debanjan05 Debanjan Bhowmick
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: