August Third Party Package Updates in Splunk Enterprise
Advisory ID: SVD-2023-0808
CVE ID: Multiple
Published: 2023-08-30
Last Update: 2023-08-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise, including the folLowing:
CVE | Package | Remediation | Severity |
---|---|---|---|
CVE-2022-38900 | decode-uri-component | Upgraded to 6.0.0 | High |
CVE-2022-33987 | got | Upgraded to 12.5.3 | Medium |
CVE-2022-37601 | loader-utils | Upgraded to 1.4.2 | Critical |
CVE-2021-23382 | postcss | Upgraded to 7.0.37 | High |
CVE-2021-29060 | color-string | Upgraded to 1.5.5 | Medium |
CVE-2022-38900 | decode-uri-component | Upgraded to 0.2.1 | High |
CVE-2020-28469 | glob-parent | Upgraded to 5.1.2 | High |
CVE-2022-37599 | loader-utils | Upgraded to 2.0.4 | High |
CVE-2022-37601 | loader-utils | Upgraded to 2.0.4 | Critical |
CVE-2022-37603 | loader-utils | Upgraded to 2.0.4 | High |
CVE-2022-3517 | minimatch | Upgraded to 3.0.5 | High |
CVE-2022-31129 | moment | Upgraded to 2.29.4 | High |
CVE-2021-3803 | nth-check | Upgraded to 2.0.1 | High |
CVE-2021-23343 | path-parse | Upgraded to 1.0.7 | High |
CVE-2022-24999 | qs | Upgraded to 6.5.3 | High |
CVE-2023-27538 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27537 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27536 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27535 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-27534 | curl | Upgraded to 8.0.1 | High |
CVE-2023-27533 | curl | Upgraded to 8.0.1 | High |
CVE-2023-23916 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23915 | curl | Upgraded to 8.0.1 | Medium |
CVE-2023-23914 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-43552 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-43551 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42916 | curl | Upgraded to 8.0.1 | High |
CVE-2022-42915 | curl | Upgraded to 8.0.1 | High |
CVE-2022-35260 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32221 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-35252 | curl | Upgraded to 8.0.1 | Low |
CVE-2022-32208 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32207 | curl | Upgraded to 8.0.1 | Critical |
CVE-2022-32206 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-32205 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-30115 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27782 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27781 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27780 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27779 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27778 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27776 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-27775 | curl | Upgraded to 8.0.1 | High |
CVE-2022-27774 | curl | Upgraded to 8.0.1 | Medium |
CVE-2022-22576 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22947 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22946 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22945 | curl | Upgraded to 8.0.1 | Critical |
CVE-2021-22926 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22925 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22924 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22923 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22922 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22901 | curl | Upgraded to 8.0.1 | High |
CVE-2021-22898 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22897 | curl | Upgraded to 8.0.1 | Medium |
CVE-2021-22890 | curl | Upgraded to 8.0.1 | Low |
CVE-2021-22876 | curl | Upgraded to 8.0.1 | Medium |
CVE-2020-8286 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8285 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8284 | curl | Upgraded to 8.0.1 | Low |
CVE-2020-8231 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8177 | curl | Upgraded to 8.0.1 | High |
CVE-2020-8169 | curl | Upgraded to 8.0.1 | High |
CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
CVE-2022-24675 | go | Upgraded to 1.19.8 | High |
CVE-2022-27191 | go | Upgraded to 1.19.8 | High |
CVE-2022-24921 | go | Upgraded to 1.19.8 | High |
CVE-2022-23806 | go | Upgraded to 1.19.8 | Critical |
CVE-2022-23773 | go | Upgraded to 1.19.8 | High |
CVE-2022-23772 | go | Upgraded to 1.19.8 | High |
CVE-2021-39293 | go | Upgraded to 1.19.8 | High |
CVE-2021-44716 | go | Upgraded to 1.19.8 | High |
CVE-2021-44717 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-41772 | go | Upgraded to 1.19.8 | High |
CVE-2021-41771 | go | Upgraded to 1.19.8 | High |
CVE-2021-38297 | go | Upgraded to 1.19.8 | Critical |
CVE-2021-36221 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-29923 | go | Upgraded to 1.19.8 | High |
CVE-2021-33198 | go | Upgraded to 1.19.8 | High |
CVE-2021-33197 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-33196 | go | Upgraded to 1.19.8 | High |
CVE-2021-33195 | go | Upgraded to 1.19.8 | High |
CVE-2021-34558 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-31525 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-33194 | go | Upgraded to 1.19.8 | High |
CVE-2021-27919 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-27918 | go | Upgraded to 1.19.8 | High |
CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
CVE-2022-24675 | go | Upgraded to 1.19.8 | High |
CVE-2022-27191 | go | Upgraded to 1.19.8 | High |
CVE-2022-24921 | go | Upgraded to 1.19.8 | High |
CVE-2022-23806 | go | Upgraded to 1.19.8 | Critical |
CVE-2022-23773 | go | Upgraded to 1.19.8 | High |
CVE-2022-23772 | go | Upgraded to 1.19.8 | High |
CVE-2021-39293 | go | Upgraded to 1.19.8 | High |
CVE-2021-44716 | go | Upgraded to 1.19.8 | High |
CVE-2021-44717 | go | Upgraded to 1.19.8 | Medium |
CVE-2021-41772 | go | Upgraded to 1.19.8 | High |
CVE-2021-41771 | go | Upgraded to 1.19.8 | High |
CVE-2021-38297 | go | Upgraded to 1.19.8 | Critical |
CVE-2022-29804 | go | Upgraded to 1.19.8 | High |
CVE-2022-32189 | go | Upgraded to 1.19.8 | High |
CVE-2022-32148 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30635 | go | Upgraded to 1.19.8 | High |
CVE-2022-30633 | go | Upgraded to 1.19.8 | High |
CVE-2022-30632 | go | Upgraded to 1.19.8 | High |
CVE-2022-30631 | go | Upgraded to 1.19.8 | High |
CVE-2022-30630 | go | Upgraded to 1.19.8 | High |
CVE-2022-30629 | go | Upgraded to 1.19.8 | Low |
CVE-2022-30580 | go | Upgraded to 1.19.8 | High |
CVE-2022-28131 | go | Upgraded to 1.19.8 | High |
CVE-2022-1962 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-1705 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-30634 | go | Upgraded to 1.19.8 | High |
CVE-2022-29526 | go | Upgraded to 1.19.8 | Medium |
CVE-2022-27536 | go | Upgraded to 1.19.8 | High |
CVE-2022-28327 | go | Upgraded to 1.19.8 | High |
CVE-2022-23806 | go | Upgraded to 1.2 | Critical |
CVE-2021-38297 | go | Upgraded to 1.2 | Critical |
CVE-2022-23806 | go | Upgraded to 1.2 | Critical |
CVE-2022-32149 | go | Upgraded to 1.2 | High |
CVE-2022-30635 | go | Upgraded to 1.2 | High |
CVE-2022-23772 | go | Upgraded to 1.2 | High |
CVE-2022-40023 | go | Upgraded to 1.2 | High |
CVE-2022-40023 | go | Upgraded to 1.2 | High |
CVE-2021-43565 | go | Upgraded to 1.2 | High |
CVE-2022-30580 | go | Upgraded to 1.2 | High |
CVE-2022-30580 | go | Upgraded to 1.2 | High |
CVE-2022-30633 | go | Upgraded to 1.2 | High |
CVE-2022-30633 | go | Upgraded to 1.2 | High |
CVE-2022-28131 | go | Upgraded to 1.2 | High |
CVE-2022-28131 | go | Upgraded to 1.2 | High |
CVE-2022-30632 | go | Upgraded to 1.2 | High |
CVE-2022-30632 | go | Upgraded to 1.2 | High |
CVE-2021-38561 | go | Upgraded to 1.2 | High |
CVE-2022-41716 | go | Upgraded to 1.2 | High |
CVE-2022-41716 | go | Upgraded to 1.2 | High |
CVE-2022-40899 | go | Upgraded to 1.2 | High |
CVE-2022-28327 | go | Upgraded to 1.2 | High |
CVE-2022-28327 | go | Upgraded to 1.2 | High |
CVE-2022-24921 | go | Upgraded to 1.2 | High |
CVE-2022-24921 | go | Upgraded to 1.2 | High |
CVE-2022-30630 | go | Upgraded to 1.2 | High |
CVE-2022-30630 | go | Upgraded to 1.2 | High |
CVE-2022-27191 | go | Upgraded to 1.2 | High |
CVE-2022-27191 | go | Upgraded to 1.2 | High |
CVE-2022-42003 | go | Upgraded to 1.2 | High |
CVE-2022-23773 | go | Upgraded to 1.2 | High |
CVE-2022-23773 | go | Upgraded to 1.2 | High |
CVE-2022-30634 | go | Upgraded to 1.2 | High |
CVE-2020-29652 | go | Upgraded to 1.2 | High |
CVE-2022-41715 | go | Upgraded to 1.2 | High |
CVE-2022-41715 | go | Upgraded to 1.2 | High |
CVE-2022-24675 | go | Upgraded to 1.2 | High |
CVE-2022-24675 | go | Upgraded to 1.2 | High |
CVE-2022-30634 | go | Upgraded to 1.2 | High |
CVE-2022-41720 | go | Upgraded to 1.2 | High |
CVE-2022-3510 | go | Upgraded to 1.2 | High |
CVE-2022-27664 | go | Upgraded to 1.2 | High |
CVE-2022-23491 | go | Upgraded to 1.2 | High |
CVE-2022-23491 | go | Upgraded to 1.2 | High |
CVE-2022-2880 | go | Upgraded to 1.2 | High |
CVE-2022-2880 | go | Upgraded to 1.2 | High |
CVE-2022-29804 | go | Upgraded to 1.2 | High |
CVE-2022-32189 | go | Upgraded to 1.2 | High |
CVE-2022-32189 | go | Upgraded to 1.2 | High |
CVE-2021-39293 | go | Upgraded to 1.2 | High |
CVE-2021-41772 | go | Upgraded to 1.2 | High |
CVE-2022-29804 | go | Upgraded to 1.2 | High |
CVE-2022-30635 | go | Upgraded to 1.2 | High |
CVE-2022-23772 | go | Upgraded to 1.2 | High |
CVE-2022-41720 | go | Upgraded to 1.2 | High |
CVE-2022-3509 | go | Upgraded to 1.2 | High |
CVE-2022-2309 | go | Upgraded to 1.2 | High |
CVE-2022-30631 | go | Upgraded to 1.2 | High |
CVE-2022-30631 | go | Upgraded to 1.2 | High |
CVE-2018-20225 | go | Upgraded to 1.2 | High |
CVE-2022-32149 | go | Upgraded to 1.2 | High |
CVE-2021-43565 | go | Upgraded to 1.2 | High |
CVE-2020-28851 | go | Upgraded to 1.2 | High |
CVE-2022-42004 | go | Upgraded to 1.2 | High |
CVE-2022-1941 | go | Upgraded to 1.2 | High |
CVE-2022-3171 | go | Upgraded to 1.2 | High |
CVE-2021-41771 | go | Upgraded to 1.2 | High |
CVE-2022-2879 | go | Upgraded to 1.2 | High |
CVE-2022-2879 | go | Upgraded to 1.2 | High |
CVE-2022-1962 | go | Upgraded to 1.2 | Medium |
CVE-2022-29526 | go | Upgraded to 1.2 | Medium |
CVE-2021-44717 | go | Upgraded to 1.2 | Medium |
CVE-2022-1705 | go | Upgraded to 1.2 | Medium |
CVE-2021-22569 | go | Upgraded to 1.2 | Medium |
CVE-2021-29425 | go | Upgraded to 1.2 | Medium |
CVE-2022-1962 | go | Upgraded to 1.2 | Medium |
CVE-2022-29526 | go | Upgraded to 1.2 | Medium |
CVE-2022-1705 | go | Upgraded to 1.2 | Medium |
CVE-2013-7489 | go | Upgraded to 1.2 | Medium |
CVE-2022-32148 | go | Upgraded to 1.2 | Medium |
CVE-2022-32148 | go | Upgraded to 1.2 | Medium |
CVE-2021-20066 | go | Upgraded to 1.2 | Medium |
CVE-2021-3572 | go | Upgraded to 1.2 | Medium |
CVE-2018-10237 | go | Upgraded to 1.2 | Medium |
CVE-2022-40897 | go | Upgraded to 1.2 | Medium |
CVE-2022-30629 | go | Upgraded to 1.2 | Low |
CVE-2020-8908 | go | Upgraded to 1.2 | Low |
CVE-2022-30629 | go | Upgraded to 1.2 | Low |
CVE-2022-41722 | go | Upgraded to 1.2 | High |
CVE-2022-25881 | http-cache-semantics | Upgraded to 4.1.1 | High |
CVE-2022-42003 | jackson-databind | Upgraded to 2.13.5 | High |
CVE-2022-42004 | jackson-databind | Upgraded to 2.13.5 | High |
CVE-2021-41182 | jquery-ui | Upgraded to 1.13.2 | Medium |
CVE-2021-41183 | jquery-ui | Upgraded to 1.13.2 | Medium |
CVE-2021-41184 | jquery-ui | Upgraded to 1.13.2 | Medium |
CVE-2022-46175 | json5 | Upgraded to 1.0.2 | High |
CVE-2022-36227 | libarchive | Upgraded to 3.6.2 | Critical |
CVE-2021-31566 | libarchive | Upgraded to 3.6.2 | High |
CVE-2021-36976 | libarchive | Upgraded to 3.6.2 | Medium |
CVE-2021-3520 | lz4 | Upgraded to. 1.9.4 | Critical |
CVE-2022-40023 | mako | Patched | High |
CVE-2022-40023 | mako | Upgraded to 1.2.4 | High |
CVE-2020-14155 | pcre2 | Upgraded to 10.40 | Medium |
CVE-2019-20454 | pcre2 | Upgraded to 10.40 | High |
CVE-2019-20838 | pcre2 | Upgraded to 10.40 | High |
CVE-2022-35737 | sqlite | Upgraded to 3.41.2 | High |
CVE-2023-29404 | go | Upgraded to 1.19.10 | Critical |
CVE-2023-29402 | go | Upgraded to 1.19.10 | Critical |
CVE-2023-24540 | go | Upgraded to 1.19.10 | Critical |
CVE-2023-29405 | go | Upgraded to 1.19.10 | Critical |
CVE-2023-29400 | go | Upgraded to 1.19.10 | High |
CVE-2023-24539 | go | Upgraded to 1.19.10 | High |
CVE-2023-29403 | go | Upgraded to 1.19.10 | High |
CVE-2023-29403 | go | Upgraded to 1.19.10 | High |
Solution
For Splunk Enterprise, upgrade versions to 8.2.12, 9.0.6, or 9.1.1.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise | 8.2 | - | 8.2.0 to 8.2.11 | 8.2.12 |
Splunk Enterprise | 9.0 | - | 9.0.0 to 9.0.5 | 9.0.6 |
Splunk Enterprise | 9.1 | - | 9.1.0 | 9.1.1 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.