trying to find if we're vulnerable to CVE-2021-442...
# orm-helpc
Cymak
12/11/2021, 5:55 PMtrying to find if we're vulnerable to CVE-2021-44228
👍 1
n
Nicolò Veronese
12/11/2021, 8:25 PMI was wondering the same!
c
Cymak
12/12/2021, 2:18 AMWhat I ended up doing was to look at each image and search package info for vulnerable versions. It's slow going
n
Nicolò Veronese
12/12/2021, 8:40 AMI've opened an issue on github. But no reply so far.
This is so bad... prisma1 seems in deprecated state and not "maintenance" mode.
a
Athir Nuaimi
12/12/2021, 12:10 PMlog4j is only for java code. Prisma is all JS.
n
Nicolò Veronese
12/12/2021, 10:33 PMNot Prisma v1
n
Nino Vrijman
12/13/2021, 9:05 AMI also posted a question about this in #prisma1 https://prisma.slack.com/archives/C0152UA4DH9/p1639385736030900
Nino Vrijman
12/13/2021, 9:05 AMAnd on Twitter: https://twitter.com/ninovrijman/status/1470317080679526400
Nino Vrijman
12/13/2021, 10:17 AMPrisma 1 is not affected: https://github.com/prisma/prisma1/issues/5177#issuecomment-992303784
🙌 1
2 Views