August Third Party Package Updates in Splunk Enterprise

Advisory ID: SVD-2023-0808

CVE ID: Multiple

Published: 2023-08-30

Last Update: 2023-08-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Enterprise, including the following:

| CVE | Package | Remediation | Severity |
| --- | --- | --- | --- |
| CVE-2022-38900 | decode-uri-component | Upgraded to 6.0.0 | High |
| CVE-2022-33987 | got | Upgraded to 12.5.3 | Medium |
| CVE-2022-37601 | loader-utils | Upgraded to 1.4.2 | Critical |
| CVE-2021-23382 | postcss | Upgraded to 7.0.37 | High |
| CVE-2021-29060 | color-string | Upgraded to 1.5.5 | Medium |
| CVE-2022-38900 | decode-uri-component | Upgraded to 0.2.1 | High |
| CVE-2020-28469 | glob-parent | Upgraded to 5.1.2 | High |
| CVE-2022-37599 | loader-utils | Upgraded to 2.0.4 | High |
| CVE-2022-37601 | loader-utils | Upgraded to 2.0.4 | Critical |
| CVE-2022-37603 | loader-utils | Upgraded to 2.0.4 | High |
| CVE-2022-3517 | minimatch | Upgraded to 3.0.5 | High |
| CVE-2022-31129 | moment | Upgraded to 2.29.4 | High |
| CVE-2021-3803 | nth-check | Upgraded to 2.0.1 | High |
| CVE-2021-23343 | path-parse | Upgraded to 1.0.7 | High |
| CVE-2022-24999 | qs | Upgraded to 6.5.3 | High |
| CVE-2023-27538 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-27537 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-27536 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-27535 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-27534 | curl | Upgraded to 8.0.1 | High |
| CVE-2023-27533 | curl | Upgraded to 8.0.1 | High |
| CVE-2023-23916 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-23915 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2023-23914 | curl | Upgraded to 8.0.1 | Critical |
| CVE-2022-43552 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-43551 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-42916 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-42915 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-35260 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-32221 | curl | Upgraded to 8.0.1 | Critical |
| CVE-2022-35252 | curl | Upgraded to 8.0.1 | Low |
| CVE-2022-32208 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-32207 | curl | Upgraded to 8.0.1 | Critical |
| CVE-2022-32206 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-32205 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-30115 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-27782 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-27781 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-27780 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-27779 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-27778 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-27776 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-27775 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-27774 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2022-22576 | curl | Upgraded to 8.0.1 | High |
| CVE-2021-22947 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2021-22946 | curl | Upgraded to 8.0.1 | High |
| CVE-2021-22945 | curl | Upgraded to 8.0.1 | Critical |
| CVE-2021-22926 | curl | Upgraded to 8.0.1 | High |
| CVE-2021-22925 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2021-22924 | curl | Upgraded to 8.0.1 | Low |
| CVE-2021-22923 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2021-22922 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2021-22901 | curl | Upgraded to 8.0.1 | High |
| CVE-2021-22898 | curl | Upgraded to 8.0.1 | Low |
| CVE-2021-22897 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2021-22890 | curl | Upgraded to 8.0.1 | Low |
| CVE-2021-22876 | curl | Upgraded to 8.0.1 | Medium |
| CVE-2020-8286 | curl | Upgraded to 8.0.1 | High |
| CVE-2020-8285 | curl | Upgraded to 8.0.1 | High |
| CVE-2020-8284 | curl | Upgraded to 8.0.1 | Low |
| CVE-2020-8231 | curl | Upgraded to 8.0.1 | High |
| CVE-2020-8177 | curl | Upgraded to 8.0.1 | High |
| CVE-2020-8169 | curl | Upgraded to 8.0.1 | High |
| CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
| CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
| CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
| CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
| CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
| CVE-2022-24675 | go | Upgraded to 1.19.8 | High |
| CVE-2022-27191 | go | Upgraded to 1.19.8 | High |
| CVE-2022-24921 | go | Upgraded to 1.19.8 | High |
| CVE-2022-23806 | go | Upgraded to 1.19.8 | Critical |
| CVE-2022-23773 | go | Upgraded to 1.19.8 | High |
| CVE-2022-23772 | go | Upgraded to 1.19.8 | High |
| CVE-2021-39293 | go | Upgraded to 1.19.8 | High |
| CVE-2021-44716 | go | Upgraded to 1.19.8 | High |
| CVE-2021-44717 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-41772 | go | Upgraded to 1.19.8 | High |
| CVE-2021-41771 | go | Upgraded to 1.19.8 | High |
| CVE-2021-38297 | go | Upgraded to 1.19.8 | Critical |
| CVE-2021-36221 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-29923 | go | Upgraded to 1.19.8 | High |
| CVE-2021-33198 | go | Upgraded to 1.19.8 | High |
| CVE-2021-33197 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-33196 | go | Upgraded to 1.19.8 | High |
| CVE-2021-33195 | go | Upgraded to 1.19.8 | High |
| CVE-2021-34558 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-31525 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-33194 | go | Upgraded to 1.19.8 | High |
| CVE-2021-27919 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-27918 | go | Upgraded to 1.19.8 | High |
| CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
| CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
| CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
| CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
| CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
| CVE-2022-24675 | go | Upgraded to 1.19.8 | High |
| CVE-2022-27191 | go | Upgraded to 1.19.8 | High |
| CVE-2022-24921 | go | Upgraded to 1.19.8 | High |
| CVE-2022-23806 | go | Upgraded to 1.19.8 | Critical |
| CVE-2022-23773 | go | Upgraded to 1.19.8 | High |
| CVE-2022-23772 | go | Upgraded to 1.19.8 | High |
| CVE-2021-39293 | go | Upgraded to 1.19.8 | High |
| CVE-2021-44716 | go | Upgraded to 1.19.8 | High |
| CVE-2021-44717 | go | Upgraded to 1.19.8 | Medium |
| CVE-2021-41772 | go | Upgraded to 1.19.8 | High |
| CVE-2021-41771 | go | Upgraded to 1.19.8 | High |
| CVE-2021-38297 | go | Upgraded to 1.19.8 | Critical |
| CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
| CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
| CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
| CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
| CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
| CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
| CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
| CVE-2022-27536 | go | Upgraded to 1.19.8 | High |
| CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
| CVE-2022-23806 | go | Upgraded to 1.2 | Critical |
| CVE-2021-38297 | go | Upgraded to 1.2 | Critical |
| CVE-2022-23806 | go | Upgraded to 1.2 | Critical |
| CVE-2022-32149 | go | Upgraded to 1.2 | High |
| CVE-2022-30635 | go | Upgraded to 1.2 | High |
| CVE-2022-23772 | go | Upgraded to 1.2 | High |
| CVE-2022-40023 | go | Upgraded to 1.2 | High |
| CVE-2022-40023 | go | Upgraded to 1.2 | High |
| CVE-2021-43565 | go | Upgraded to 1.2 | High |
| CVE-2022-30580 | go | Upgraded to 1.2 | High |
| CVE-2022-30580 | go | Upgraded to 1.2 | High |
| CVE-2022-30633 | go | Upgraded to 1.2 | High |
| CVE-2022-30633 | go | Upgraded to 1.2 | High |
| CVE-2022-28131 | go | Upgraded to 1.2 | High |
| CVE-2022-28131 | go | Upgraded to 1.2 | High |
| CVE-2022-30632 | go | Upgraded to 1.2 | High |
| CVE-2022-30632 | go | Upgraded to 1.2 | High |
| CVE-2021-38561 | go | Upgraded to 1.2 | High |
| CVE-2022-41716 | go | Upgraded to 1.2 | High |
| CVE-2022-41716 | go | Upgraded to 1.2 | High |
| CVE-2022-40899 | go | Upgraded to 1.2 | High |
| CVE-2022-28327 | go | Upgraded to 1.2 | High |
| CVE-2022-28327 | go | Upgraded to 1.2 | High |
| CVE-2022-24921 | go | Upgraded to 1.2 | High |
| CVE-2022-24921 | go | Upgraded to 1.2 | High |
| CVE-2022-30630 | go | Upgraded to 1.2 | High |
| CVE-2022-30630 | go | Upgraded to 1.2 | High |
| CVE-2022-27191 | go | Upgraded to 1.2 | High |
| CVE-2022-27191 | go | Upgraded to 1.2 | High |
| CVE-2022-42003 | go | Upgraded to 1.2 | High |
| CVE-2022-23773 | go | Upgraded to 1.2 | High |
| CVE-2022-23773 | go | Upgraded to 1.2 | High |
| CVE-2022-30634 | go | Upgraded to 1.2 | High |
| CVE-2020-29652 | go | Upgraded to 1.2 | High |
| CVE-2022-41715 | go | Upgraded to 1.2 | High |
| CVE-2022-41715 | go | Upgraded to 1.2 | High |
| CVE-2022-24675 | go | Upgraded to 1.2 | High |
| CVE-2022-24675 | go | Upgraded to 1.2 | High |
| CVE-2022-30634 | go | Upgraded to 1.2 | High |
| CVE-2022-41720 | go | Upgraded to 1.2 | High |
| CVE-2022-3510 | go | Upgraded to 1.2 | High |
| CVE-2022-27664 | go | Upgraded to 1.2 | High |
| CVE-2022-23491 | go | Upgraded to 1.2 | High |
| CVE-2022-23491 | go | Upgraded to 1.2 | High |
| CVE-2022-2880 | go | Upgraded to 1.2 | High |
| CVE-2022-2880 | go | Upgraded to 1.2 | High |
| CVE-2022-29804 | go | Upgraded to 1.2 | High |
| CVE-2022-32189 | go | Upgraded to 1.2 | High |
| CVE-2022-32189 | go | Upgraded to 1.2 | High |
| CVE-2021-39293 | go | Upgraded to 1.2 | High |
| CVE-2021-41772 | go | Upgraded to 1.2 | High |
| CVE-2022-29804 | go | Upgraded to 1.2 | High |
| CVE-2022-30635 | go | Upgraded to 1.2 | High |
| CVE-2022-23772 | go | Upgraded to 1.2 | High |
| CVE-2022-41720 | go | Upgraded to 1.2 | High |
| CVE-2022-3509 | go | Upgraded to 1.2 | High |
| CVE-2022-2309 | go | Upgraded to 1.2 | High |
| CVE-2022-30631 | go | Upgraded to 1.2 | High |
| CVE-2022-30631 | go | Upgraded to 1.2 | High |
| CVE-2018-20225 | go | Upgraded to 1.2 | High |
| CVE-2022-32149 | go | Upgraded to 1.2 | High |
| CVE-2021-43565 | go | Upgraded to 1.2 | High |
| CVE-2020-28851 | go | Upgraded to 1.2 | High |
| CVE-2022-42004 | go | Upgraded to 1.2 | High |
| CVE-2022-1941 | go | Upgraded to 1.2 | High |
| CVE-2022-3171 | go | Upgraded to 1.2 | High |
| CVE-2021-41771 | go | Upgraded to 1.2 | High |
| CVE-2022-2879 | go | Upgraded to 1.2 | High |
| CVE-2022-2879 | go | Upgraded to 1.2 | High |
| CVE-2022-1962 | go | Upgraded to 1.2 | Medium |
| CVE-2022-29526 | go | Upgraded to 1.2 | Medium |
| CVE-2021-44717 | go | Upgraded to 1.2 | Medium |
| CVE-2022-1705 | go | Upgraded to 1.2 | Medium |
| CVE-2021-22569 | go | Upgraded to 1.2 | Medium |
| CVE-2021-29425 | go | Upgraded to 1.2 | Medium |
| CVE-2022-1962 | go | Upgraded to 1.2 | Medium |
| CVE-2022-29526 | go | Upgraded to 1.2 | Medium |
| CVE-2022-1705 | go | Upgraded to 1.2 | Medium |
| CVE-2013-7489 | go | Upgraded to 1.2 | Medium |
| CVE-2022-32148 | go | Upgraded to 1.2 | Medium |
| CVE-2022-32148 | go | Upgraded to 1.2 | Medium |
| CVE-2021-20066 | go | Upgraded to 1.2 | Medium |
| CVE-2021-3572 | go | Upgraded to 1.2 | Medium |
| CVE-2018-10237 | go | Upgraded to 1.2 | Medium |
| CVE-2022-40897 | go | Upgraded to 1.2 | Medium |
| CVE-2022-30629 | go | Upgraded to 1.2 | Low |
| CVE-2020-8908 | go | Upgraded to 1.2 | Low |
| CVE-2022-30629 | go | Upgraded to 1.2 | Low |
| CVE-2022-41722 | go | Upgraded to 1.2 | High |
| CVE-2022-25881 | http-cache-semantics | Upgraded to 4.1.1 | High |
| CVE-2022-42003 | jackson-databind | Upgraded to 2.13.5 | High |
| CVE-2022-42004 | jackson-databind | Upgraded to 2.13.5 | High |
| CVE-2021-41182 | jquery-ui | Upgraded to 1.13.2 | Medium |
| CVE-2021-41183 | jquery-ui | Upgraded to 1.13.2 | Medium |
| CVE-2021-41184 | jquery-ui | Upgraded to 1.13.2 | Medium |
| CVE-2022-46175 | json5 | Upgraded to 1.0.2 | High |
| CVE-2022-36227 | libarchive | Upgraded to 3.6.2 | Critical |
| CVE-2021-31566 | libarchive | Upgraded to 3.6.2 | High |
| CVE-2021-36976 | libarchive | Upgraded to 3.6.2 | Medium |
| CVE-2021-3520 | lz4 | Upgraded to 1.9.4 | Critical |
| CVE-2022-40023 | mako | Patched | High |
| CVE-2022-40023 | mako | Upgraded to 1.2.4 | High |
| CVE-2020-14155 | pcre2 | Upgraded to 10.40 | Medium |
| CVE-2019-20454 | pcre2 | Upgraded to 10.40 | High |
| CVE-2019-20838 | pcre2 | Upgraded to 10.40 | High |
| CVE-2022-35737 | sqlite | Upgraded to 3.41.2 | High |
| CVE-2023-29404 | go | Upgraded to 1.19.10 | Critical |
| CVE-2023-29402 | go | Upgraded to 1.19.10 | Critical |
| CVE-2023-24540 | go | Upgraded to 1.19.10 | Critical |
| CVE-2023-29405 | go | Upgraded to 1.19.10 | Critical |
| CVE-2023-29400 | go | Upgraded to 1.19.10 | High |
| CVE-2023-24539 | go | Upgraded to 1.19.10 | High |
| CVE-2023-29403 | go | Upgraded to 1.19.10 | High |
| CVE-2023-29403 | go | Upgraded to 1.19.10 | High |

Solution

For Splunk Enterprise, upgrade to version 8.2.12, 9.0.6, or 9.1.1.

Product Status

| Product | Version | Component | Affected Version | Fix Version |
| --- | --- | --- | --- | --- |
| Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.11 | 8.2.12 |
| Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.5 | 9.0.6 |
| Splunk Enterprise | 9.1 | - | 9.1.0 | 9.1.1 |

Severity

For the CVEs in this list, Splunk adopted the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry standards.