How to remove this opensearch-dashboard CVE-2020-36604 security vulnerability issue in 1.3.6

We are facing this CVE-2020-36604 security vulnerability issue in 1.3.6. Some can help me how can i resolve this issue. opensearch-dashboard.

Relevant Logs or Screenshots:

Hello @ranjeetsingh0902 - first, welcome to the OpenSearch community- we’re glad you’re here.

Another member asked about this and Dave gave this answer - please let me know if it is helpful: Facing issue with OpenSearch image vulnerabilities - #3 by davelago

Hi Kris,

We are using the 1.3.6 version, We need to bit help how to get resolve this issues in this 1.x version.

Hi @ranjeetsingh0902. As noted in the other forum post (thanks @kris for the cross-link!), CVE-2020-36604 is one of the CVEs reported where the team assessed no impact, so no need to backport any fixes to the 1.x line for it.

In general, for the CVEs where we are impacted, we try to backport/remediate the 1.x line with every patch release (1.3.9 being the next one, scheduled for March 16th (Release Schedule and Maintenance Policy · OpenSearch)

1 Like