Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-50782 #109

Open
sandaoyuyxy opened this issue Mar 14, 2024 · 0 comments
Open

CVE-2023-50782 #109

sandaoyuyxy opened this issue Mar 14, 2024 · 0 comments

Comments

@sandaoyuyxy
Copy link

We've using splunk-apm layer ARN and the version is 100 or 97, we scanned through AWS inspector, get a high level vulnerabilities
Details
The library cryptography version 41.0.7 was detected in PIP library manager located at /layers/index/0/codeSha256/xxxxx/python/cryptography-41.0.7.dist-info/METADATA and is vulnerable to CVE-2023-50782, which exists in versions < 42.0.0.

The vulnerability was found in the Github Security Advisory with vendor severity: High (NVD severity: High).

The vulnerability can be remediated by updating the library to version 42.0.0 or higher, using pip install --upgrade cryptography.

PoC
AWS Lambda function
Runtime Nodejs 14x
Splunk-apm arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:100 or arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:97

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant