Third-Party Package Updates in Splunk App for Data Science and Deep Learning - March 2025

Advisory ID: SVD-2025-0309

CVE ID:  Multiple

Published: 2025-03-26

Last Update: 2025-03-26

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk App for Data Science and Deep Learning App version 5.2.0 including the following:

PackageRemediationCVESeverity
certifi1Upgraded to 2024.7.4MultipleHigh
requests2Upgraded to 2.31.0MultipleMedium
urllib33Upgraded to 1.26.18MultipleHigh
urllib34Upgraded to 1.26.19MultipleMedium

1 Upgraded certifi in mltk-container/lib/certifi-2022.12.7.dist-info/METADATA from 2022.12.7 to 2024.7.4 to remedy CVE-2023-37920, CVE-2024-39689.

2 Upgraded requests in mltk-container/lib/requests-2.28.2.dist-info/METADATA from 2.28.2 to 2.31.0 to remedy CVE-2023-32681, CVE-2024-35195.

3 Upgraded urllib3 in mltk-container/lib/urllib3-1.25.11.dist-info/METADATA from 1.25.11 to 1.26.18 to remedy CVE-2021-33503, CVE-2023-43804 and CVE-2023-45803.

4 Upgraded urllib3 in mltk-container/lib/urllib3-1.26.14.dist-info/METADATA from 1.26.14 to 1.26.19 to remedy CVE-2023-43804, VE-2023-45803 and CVE-2024-37891.

Solution

Upgrade Splunk App for Data Science and Deep Learning to versions 5.2.0, or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk App for Data Science and Deep Learning5.2.05.1.2, 5.1.1 and 5.1.05.2.0

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.