
Question about CVE-2021-24036 and CVE-2012-2677

Open eliw00d opened this issue 3 years ago • 3 comments

I am trying to fix the following vulnerabilities that are related to Flipper:

Flipper-Folly: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24036

Flipper-Boost-iOSX: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2012-2677

Are there plans to bump the versions of these to include fixes for these vulnerabilities?

eliw00d, Dec 14 '21 16:12

@lblasa would you be able to bump those deps? Or @eliw00d if you were interested in submitting a PR, we'd welcome that!

mweststrate, Dec 16 '21 09:12

@mweststrate yes, I'm working on it. Unfortunately, it is not as easy as bumping a version number, but the updates are coming :)

lblasa, Dec 16 '21 13:12

Is there any update on this? We're getting the same flag in our WhiteSource scan after upgrading to the latest version of React Native (0.70.6).

CVE-2021-24036 found in:

Flipper-Folly 2.6.10

I'm not sure who is in charge of creating a new CocoaPod for Flipper-Folly.

ChasePwn14, Jan 05 '23 19:01