Third Party Package Update in Splunk Add-on for Google Cloud Platform
Advisory ID: SVD-2023-1102
CVE ID: Multiple
Published: 2023-11-16
Last Update: 2023-11-16
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in version 4.3.0 of Splunk Add-on for Google Cloud Platform.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| certifi | Upgraded to 2023.7.22 | CVE-2023-37920 | Critical |
| urllib3 | Upgraded to 1.26.18 | CVE-2023-45803 | Medium |
| urllib3 | Upgraded to 1.26.18 | CVE-2023-43804 | High |
| postcss | Upgraded to 8.4.31 | CVE-2023-44270 | Medium |
| semver | Upgraded to 6.3.1 and 7.5.4 | CVE-2022-25883 | High |
Solution
For Splunk Add-on for Google Cloud Platform, upgrade versions to 4.3.0 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Google Cloud Platform | - | - | Below 4.3.0 | 4.3.0 |
Severity
For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.