Thank you for your message about the CVEs reported in OpenSearch/OpenSearch Dashboards version 2.10. After a thorough review we have determined this version is not impacted by the following CVEs:
ALAS-2023-2287
ALAS-2023-2271
CVE-2020-36604
In addition, the following CVEs have been addressed by including updated versions of the relevant libraries and any necessary fixes in the 2.11 release, which was released October 16:
Finally, the following CVE will be addressed by including updated versions of the relevant libraries and any necessary fixes in the upcoming 2.12 release, with a tentative target release date of January 23, 2024: