Third-Party Package Updates in the Splunk Add-on for Google Cloud Platform - October 2024
Advisory ID: SVD-2024-1014
CVE ID: Multiple
Published: 2024-10-30
Last Update: 2024-10-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the Splunk Add-on for Google Cloud Platform versions 4.7.0 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| urllib3 | Upgraded to 1.26.19 | CVE-2024-37891 | Medium |
| certifi | Upgraded to 2024.7.4 | CVE-2024-39689 | High |
Solution
Upgrade the Splunk Add-on for Google Cloud Platform to version 4.7.0 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Add-on for Google Cloud Platform | 4.7 | Below 4.7.0 | 4.7.0 |
Severity
For the CVEs in this list, Splunk adopted one of the following ratings:
- Where applicable, the severity rating that the vendor published, or
- The national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating, otherwise.