Comments (2)
It seems that it is a library-side CVE, not a Ruby gem one.
https://security-tracker.debian.org/tracker/CVE-2023-0464
https://security-tracker.debian.org/tracker/CVE-2023-4807
https://security-tracker.debian.org/tracker/CVE-2023-5363
At least for Debian, it seems that these CVEs were already fixed, so if you update to the latest one, it does not affect you.
For RHEL or other distributions, it needs to be checked.
from fluent-package-builder.
https://access.redhat.com/errata/RHSA-2023:3722 CVE-2023-0464
https://access.redhat.com/errata/RHSA-2024:0310 CVE-2023-5363
CVE-2023-4807 may be Windows-specific, and it says:
However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.
ref. https://security-tracker.debian.org/tracker/CVE-2023-4807