Facing issue with OpenSearch image vulnerabilities

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Hi Team,

We are facing below OpenSearch image issues.
Could you please check and fix the issues.

|CVE-2022-46175|
|CVE-2020-36604|
|CVE-2017-20165|
|CVE-2022-37603|
|CVE-2022-37599|
|CVE-2022-46364|
|CVE-2022-46363|
|CVE-2022-41881|

Describe the issue:

Configuration:

Relevant Logs or Screenshots:

Hi,
I wanted to let you know that we are looking into these, and will reply back shortly.

If you can provide more information on the version/platform you’re seeing them on, that would be helpful.

Thanks,
/C

1 Like

Hello,

Thank you for your message about the CVEs reported in OpenSearch/OpenSearch Dashboards. After a thorough review we have determined that the latest version (2.5.0) is not impacted by the following CVEs:

​CVE-2020-36604,
CVE-2022-46364,
CVE-2022-46363,
CVE-2022-41881

In addition, the following CVEs will be addressed by including updated versions of the relevant libraries and any necessary fixes in the upcoming 2.6.0 release, with a tentative target release date of 2/28:

​CVE-2022-46175,
CVE-2017-20165,
CVE-2022-37603,
CVE-2022-37599

Thanks,
Dave.

1 Like