Splunk Enterprise Security (ES) Third-Party Package Updates - January 2024

Advisory ID: SVD-2024-0103

CVE ID:  Multiple

Published: 2024-01-09

Last Update: 2024-01-11


Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise Security (ES) versions 7.1.2, 7.2.0 and higher, including the following:

babel/traverseUpgraded to 7.23.2CVE-2023-45133High
handsontableUpgraded to 13.1.0CVE-2021-23446High
semverUpgraded to 6.3.1CVE-2022-25883High
loader-utilsUpgraded to 1.4.2CVE-2022-37599High
loader-utilsUpgraded to 1.4.2CVE-2022-37603High
loader-utilsUpgraded to 1.4.2CVE-2022-37601Critical
json5Upgraded to 1.0.2CVE-2022-46175High


Upgrade Splunk Enterprise Security (ES) to version 7.1.2, 7.2.0, 7.3.0 or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise Security (ES)7.3--7.3.0
Splunk Enterprise Security (ES)7.2--7.2.0
Splunk Enterprise Security (ES)7.1-Below


For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.


  • 2024-01-11: Updated affected version for 7.1 from “Below 7.1.1” to “Below 7.1.2”