CVE-2023-50782

We've using splunk-apm layer ARN and the version is 100 or 97, we scanned through AWS inspector, get a high level vulnerabilities
**Details**
The library `cryptography` version `41.0.7` was detected in `PIP library manager` located at `/layers/index/0/codeSha256/xxxxx/python/cryptography-41.0.7.dist-info/METADATA` and is vulnerable to `CVE-2023-50782`, which exists in versions `< 42.0.0`.

The vulnerability was found in the [Github Security Advisory](https://github.com/advisories/GHSA-3ww4-gg4f-jr7f) with vendor severity: `High` ([NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-50782) severity: `High`).

The vulnerability can be remediated by updating the library to version `42.0.0` or higher, using `pip install --upgrade cryptography`.

PoC
AWS Lambda function
Runtime Nodejs 14x
Splunk-apm arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:100 or arn:aws:lambda:us-east-1:254067382080:layer:splunk-apm:97

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2023-50782 #109

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2023-50782 #109

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions