Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Hi Team,
We are facing below OpenSearch image issues.
Could you please check and fix the issues.
|CVE-2022-46175|
|CVE-2020-36604|
|CVE-2017-20165|
|CVE-2022-37603|
|CVE-2022-37599|
|CVE-2022-46364|
|CVE-2022-46363|
|CVE-2022-41881|
Describe the issue:
Configuration:
Relevant Logs or Screenshots:
Hi,
I wanted to let you know that we are looking into these, and will reply back shortly.
If you can provide more information on the version/platform you’re seeing them on, that would be helpful.
Thanks,
/C
Hello,
Thank you for your message about the CVEs reported in OpenSearch/OpenSearch Dashboards. After a thorough review we have determined that the latest version (2.5.0) is not impacted by the following CVEs:
CVE-2020-36604,
CVE-2022-46364,
CVE-2022-46363,
CVE-2022-41881
In addition, the following CVEs will be addressed by including updated versions of the relevant libraries and any necessary fixes in the upcoming 2.6.0 release, with a tentative target release date of 2/28:
CVE-2022-46175,
CVE-2017-20165,
CVE-2022-37603,
CVE-2022-37599
Thanks,
Dave.