
Known Vulnerability folly v2021.04.26.00

Open chishing96 opened this issue 3 years ago • 5 comments

Development Environment: "React-native": "0.66.3"

folly-devel/2021.04.26.00-1.fc34/x86_64 1 Known Vulnerability

CVE-2021-24036 (BDSA-2021-2182) - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24036

Please help to fix this.

chishing96 avatar Dec 06 '21 03:12 chishing96

As per the CVE, this issue is fixed in v2021.07.22.00 upwards.

AFAIK, Folly is developed on a single-branch model, hence the solution to this CVE is to upgrade to at least the above fixed version.

daverigby avatar Dec 09 '21 09:12 daverigby

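This is an automatic vacation reply from QQ Mail. Hello, I am currently on vacation and cannot reply to your email personally. I will reply to you as soon as possible after my vacation ends.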

huangdamix2 avatar Dec 09 '21 09:12 huangdamix2

@daverigby What about Flipper-Folly? It is still on v2021.06.14.00. Would be nice to fix this vulnerability with a newer Flipper-Folly version with at least v2021.07.22.00.

eliw00d avatar Dec 14 '21 15:12 eliw00d

I've no idea what Flipper-Folly is; I assume some 3rd-party fork? I would contact them about which version(s) of upstream facebook/folly they use...

daverigby avatar Dec 14 '21 15:12 daverigby

@daverigby The CocoaPods link brings me to this GitHub repo: https://cocoapods.org/pods/Flipper-Folly. I will bring this up in the facebook/flipper repo, then.

eliw00d avatar Dec 14 '21 15:12 eliw00d