Opensearch v2.2.1 with vulns CVE-2022-24823 CVE-2022-36033 after a Trivy Scan

kittone · September 7, 2022, 10:12am

Today running a Trivy scan on the version 2.2.1 of Opensearch I found the following vulnerabilities CVE-2022-24823 CVE-2022-36033 on the jars “netty-codec-4.1.72.Final”, “netty-codec-http2-4.1.72.Final.jar”, “netty-handler-4.1.72.Final.jar”, “jsoup-1.14.3.jar”.

pablo · September 20, 2022, 9:29pm

@kittone Please report it in OpenSearch security GitHub and share the link to the GitHub case here.

kittone · September 21, 2022, 9:29am

Hi,

When I try to open a security issue on Github I receive this message

How should I procede?

Thank you

Topic		Replies	Views
CVE-2022-42889 by opensearch OpenSearch cve , security-issue	5	839	October 27, 2022
Do we know if there are any known vulnerabilities in opensearch version 2.8.0? OpenSearch cve	3	455	July 13, 2023
Text4Shell CVE (CVE-2022-42889) detected in OpenSearch Security cve , security-issue	1	803	November 1, 2022
2.2 release bug fixes General Feedback releases , discuss	7	606	August 10, 2022
Opensearch configuration OpenSearch configure , install , security-issue	4	627	June 16, 2023

Opensearch v2.2.1 with vulns CVE-2022-24823 CVE-2022-36033 after a Trivy Scan

Related Topics