You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We've using splunk-apm layer ARN and the version is 100 or 97, we scanned through AWS inspector, get a high level vulnerabilities Details
The library cryptography version 41.0.7 was detected in PIP library manager located at /layers/index/0/codeSha256/xxxxx/python/cryptography-41.0.7.dist-info/METADATA and is vulnerable to CVE-2023-50782, which exists in versions < 42.0.0.
The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: High).
The vulnerability can be remediated by updating the library to version 42.0.0 or higher, using pip install --upgrade cryptography.
PoC
AWS Lambda function
Runtime Nodejs 14x
Splunk-apm arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:100 or arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:97
The text was updated successfully, but these errors were encountered:
We've using splunk-apm layer ARN and the version is 100 or 97, we scanned through AWS inspector, get a high level vulnerabilities
Details
The library
cryptography
version41.0.7
was detected inPIP library manager
located at/layers/index/0/codeSha256/xxxxx/python/cryptography-41.0.7.dist-info/METADATA
and is vulnerable toCVE-2023-50782
, which exists in versions< 42.0.0
.The vulnerability was found in the Github Security Advisory with vendor severity:
High
(NVD severity:High
).The vulnerability can be remediated by updating the library to version
42.0.0
or higher, usingpip install --upgrade cryptography
.PoC
AWS Lambda function
Runtime Nodejs 14x
Splunk-apm arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:100 or arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:97
The text was updated successfully, but these errors were encountered: