Third-Party Package Updates in Splunk Add-on Builder - January 2024

Advisory ID: SVD-2024-0112

CVE ID: Multiple

Published: 2024-01-30

Last Update: 2024-01-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third-Party Packages in Splunk Add-on Builder version 4.1.4, including the following:

Package    Remediation          CVE             Severity
requests   Upgraded to 2.31.0   CVE-2023-32681  Medium
semver     Upgraded to 5.7.2    CVE-2022-25883  High

Solution

For Splunk Add-on Builder, upgrade to version 4.1.4.

Splunk Add-on Builder replicates the requests Python HTTP library to custom apps and add-ons. After you upgrade Splunk Add-on Builder, review the following additional information if you use Add-on Builder to edit custom apps or add-ons:
    1. Use Add-on Builder to edit and save the affected app. See the Add-on Builder documentation for more information.
    2. Restart Splunk Enterprise.

If the custom app or add-on is also installed on instances without Add-on Builder, you must package the upgraded custom app or add-on, then install it on the instances. See Validate and Package and Package apps for more information.

For affected apps and add-ons that are already on Splunkbase, as a third-party developer, you must publish an updated version of the app or add-on to Splunkbase. For more information, see Publish apps for Splunk Cloud Platform or Splunk Enterprise to Splunkbase. Cloud-vetted apps are subject to the Cloud Vetting Change Policy.

Note: The Splunk Add-on Builder does not replicate the semver (Semantic Version parser) library to custom apps and add-ons.
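Because Add-on Builder copies the requests library into each generated app, upgrading Add-on Builder alone does not fix apps that still carry the old copy. The script below is an added example (not Splunk's code or part of this advisory) that inventories every replicated requests package under the Splunk apps directory and flags any below 2.31.0, so you can see which apps still need the edit-and-save, restart, and repackage steps above. It assumes the default Splunk layout ($SPLUNK_HOME/etc/apps) and that a replicated package is any directory named requests containing __version__.py; the sample app tree it builds for demonstration is constructed. Per the note above, semver is not replicated, so only requests is inventoried.

```python
"""Inventory vendored copies of the requests library under a Splunk apps
directory and flag any older than the remediated release.

Added example, not Splunk's code. Assumptions (labelled): apps live under
$SPLUNK_HOME/etc/apps (default Splunk layout); a replicated requests package
is any directory named "requests" that contains __version__.py; the fixed
version is 2.31.0, as stated in the advisory's package table.
"""
import os
import re
import tempfile
from pathlib import Path

FIXED_REQUESTS_VERSION = "2.31.0"  # from the advisory table (CVE-2023-32681)
# requests stores its version as __version__ = "x.y.z" (older releases use
# single quotes), so accept either quote style.
_VERSION_RE = re.compile(r"""^__version__\s*=\s*['"]([^'"]+)['"]""", re.MULTILINE)


def parse_requests_version(text):
    """Return the version string from a requests __version__.py body, or None."""
    m = _VERSION_RE.search(text)
    return m.group(1) if m else None


def version_tuple(version):
    """Turn '2.31.0' into (2, 31, 0) so versions compare numerically, not lexically."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    return tuple(parts)


def is_fixed(version, fixed=FIXED_REQUESTS_VERSION):
    """True when the vendored version is at or above the remediated release."""
    return version_tuple(version) >= version_tuple(fixed)


def find_vendored_requests(apps_root):
    """Walk apps_root and report every replicated requests package.

    Returns a list of dicts with keys: app, path, version, fixed.
    """
    apps_root = Path(apps_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(apps_root):
        here = Path(dirpath)
        if here.name == "requests" and "__version__.py" in filenames:
            version_file = here / "__version__.py"
            version = parse_requests_version(
                version_file.read_text(encoding="utf-8", errors="replace"))
            rel = here.relative_to(apps_root)
            findings.append({
                "app": rel.parts[0] if rel.parts else "",
                "path": str(version_file),
                "version": version,
                "fixed": bool(version) and is_fixed(version),
            })
            dirnames[:] = []  # do not descend into the package itself
    return sorted(findings, key=lambda f: f["app"])


def build_constructed_sample(root):
    """Write a constructed two-app tree (sample data, not real apps)."""
    root = Path(root)
    old = root / "TA-old" / "lib" / "requests"
    new = root / "TA-new" / "bin" / "requests"
    old.mkdir(parents=True)
    new.mkdir(parents=True)
    (old / "__version__.py").write_text("__version__ = '2.28.1'\n")
    (new / "__version__.py").write_text('__version__ = "2.31.0"\n')


def demo():
    """Run the inventory over the constructed sample tree and return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return find_vendored_requests(tmp)


def main():
    apps_root = Path(os.environ.get("SPLUNK_HOME", "/opt/splunk")) / "etc" / "apps"
    for f in find_vendored_requests(apps_root):
        status = "ok" if f["fixed"] else "NEEDS RE-SAVE/UPGRADE"
        print(f'{f["app"]:30} requests {f["version"] or "?":10} {status}  {f["path"]}')


if __name__ == "__main__":
    main()
```

Run it on each Splunk instance that hosts Add-on Builder apps, including instances without Add-on Builder installed, since those only receive the fixed copy once the repackaged app is deployed there.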

Product Status

Product                Version  Component  Affected Version  Fix Version
Splunk Add-on Builder  -        -          Below 4.1.4       4.1.4

Severity

For the CVEs in this list, Splunk adopted the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating to align with industry standards.