Third-Party Package Updates in Splunk App for Data Science and Deep Learning - March 2025
Advisory ID: SVD-2025-0309
CVE ID: Multiple
Published: 2025-03-26
Last Update: 2025-03-26
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk App for Data Science and Deep Learning App version 5.2.0 including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
certifi1 | Upgraded to 2024.7.4 | Multiple | High |
requests2 | Upgraded to 2.31.0 | Multiple | Medium |
urllib33 | Upgraded to 1.26.18 | Multiple | High |
urllib34 | Upgraded to 1.26.19 | Multiple | Medium |
1 Upgraded certifi in mltk-container/lib/certifi-2022.12.7.dist-info/METADATA from 2022.12.7 to 2024.7.4 to remedy CVE-2023-37920, CVE-2024-39689.
2 Upgraded requests in mltk-container/lib/requests-2.28.2.dist-info/METADATA from 2.28.2 to 2.31.0 to remedy CVE-2023-32681, CVE-2024-35195.
3 Upgraded urllib3 in mltk-container/lib/urllib3-1.25.11.dist-info/METADATA from 1.25.11 to 1.26.18 to remedy CVE-2021-33503, CVE-2023-43804 and CVE-2023-45803.
4 Upgraded urllib3 in mltk-container/lib/urllib3-1.26.14.dist-info/METADATA from 1.26.14 to 1.26.19 to remedy CVE-2023-43804, VE-2023-45803 and CVE-2024-37891.
Solution
Upgrade Splunk App for Data Science and Deep Learning to versions 5.2.0, or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk App for Data Science and Deep Learning | 5.2.0 | 5.1.2, 5.1.1 and 5.1.0 | 5.2.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.