fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 #2039

fixes: #2039 related to: #2241 Verified that these changes will fix the vulnerabilities in cactus-cmd-api-server in addition to the following CVE IDs: - CVE-2022-24434 - CVE-2022-24999 (express) - CVE-2022-24999 (qs) Co-authored-by: Peter Somogyvari <[email protected]> Signed-off-by: ruzell22 <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>
hyperledger-cacti · Apr 3, 2023 · 1cc9667 · 1cc9667
1 parent bdd8372
commit 1cc9667
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/packages/cactus-core/package.json b/packages/cactus-core/package.json
@@ -52,9 +52,9 @@
   "dependencies": {
     "@hyperledger/cactus-common": "1.2.0",
     "@hyperledger/cactus-core-api": "1.2.0",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "express-jwt-authz": "2.4.1",
-    "express-openapi-validator": "4.12.12",
+    "express-openapi-validator": "4.13.8",
     "typescript-optional": "2.0.1"
   },
   "devDependencies": {

diff --git a/packages/cactus-plugin-ledger-connector-besu/package.json b/packages/cactus-plugin-ledger-connector-besu/package.json
@@ -57,7 +57,7 @@
     "@hyperledger/cactus-core": "1.2.0",
     "@hyperledger/cactus-core-api": "1.2.0",
     "axios": "0.21.4",
-    "express": "4.17.1",
+    "express": "4.17.3",
     "joi": "17.4.2",
     "openapi-types": "9.1.0",
     "prom-client": "13.2.0",