[BUG][opensearch-2.30.0] #646

Open
shashank-shridhar opened this issue Jan 15, 2025 · 3 comments
Labels: good first issue (Good for newcomers), security vulnerability (Security vulnerability detected by Mend)

Comments

@shashank-shridhar

A couple of CVEs are present in this chart which require some component upgrades.

CVE-2024-21538 -> cross-spawn to be upgraded to 7.0.5
axios has to be upgraded to 1.6.1 as part of CVE-2023-45857.

Is there any update or timeline when these issues will be remediated?

Thanks in advance!

shashank-shridhar added the bug (Something isn't working) and untriaged (Issues that have not yet been triaged) labels on Jan 15, 2025
@prudhvigodithi
Member

[Triage]
Hey @shashank-shridhar, thanks for creating the issue. Is there a chance you can PR the fix?
@TheAlgo @DandyDeveloper @peterzhuamazon

prudhvigodithi added the security vulnerability (Security vulnerability detected by Mend) and good first issue (Good for newcomers) labels and removed the untriaged (Issues that have not yet been triaged) and bug (Something isn't working) labels on Jan 30, 2025
@peterzhuamazon
Member

I do notice GHSA-3xgq-45jj-v275 in other repos as well.
As for https://nvd.nist.gov/vuln/detail/CVE-2023-45857 might need to take a look.

Thanks.

@peterzhuamazon
Member

peterzhuamazon commented Jan 30, 2025

Similar to #635, the related core and plugins are doing the updates.

We will update to use the next 2.19.0 release in OpenSearch / OpenSearch-Dashboards.

Thanks.
