Third-Party Package Updates in Splunk DB Connect - July 2025
Advisory ID: SVD-2025-0701
CVE ID: Multiple
Published: 2025-07-07
Last Update: 2025-07-07
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk DB Connect version 4.0, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
bcprov-jdk15on | Upgraded to 1.7.9 | CVE-2024-29857 | Medium |
pyopenSSL | Upgraded to 24.2.1 | CVE-2023-5363 | High |
dompurify | Upgraded to 2.5.4 | CVE-2024-45801, CVE-2024-47875 | High |
requirejs | Upgraded to 2.3.7 | CVE-2024-38999 | High |
mysql-connector-python | Upgraded to 9.1.0 | CVE-2024-21272, CVE-2024-21090 | High |
Solution
Upgrade Splunk DB Connect to version 4.0 or higher.
Product Status
Product | Base Version | Affected Version | Fix Version |
---|---|---|---|
Splunk DB Connect | 4.0 | Below 4.0.0 | 4.0.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) Common Vulnerability Scoring System (CVSS) rating, as available.