Third-Party Package Updates in Splunk Add-on for Amazon Web Services - September 2024
Advisory ID: SVD-2024-0901
CVE ID: Multiple
Published: 2024-09-30
Last Update: 2024-09-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Add-on for Amazon Web Services versions 7.7.0 and higher, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
idna | Upgraded to 3.7 | CVE-2024-3651 | High |
urllib3 | Upgraded to 1.26.19 | CVE-2024-37891 | Medium |
golang [1] | Upgraded golang to 1.22.5 | CVE-2023-39326 | Medium |
certifi | Upgraded to 2024.7.4 | CVE-2024-39689 | High |

[1] Upgraded parquet_decoder_darwin_amd64, parquet_decoder_linux_amd64, and parquet_decoder_windows_amd64.exe in Splunk_TA_aws/bin/aws_parquet/ from 1.19.8 to 1.22.5.
Solution
Upgrade Splunk Add-on for Amazon Web Services to version 7.7.0 or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Add-on for Amazon Web Services | 7.7 | | Below 7.7.0 | 7.7.0 |
Severity
For the CVEs in this list, Splunk adopted one of the following ratings:
- Where applicable, the severity rating that the vendor published, or
- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.