Vulnerabilities in readonlyrest-1.39.0_es7.16.3

Hi,

As per NVD, the Apache HttpClient 4.5.10 and elasticsearch-rest-high-level-client-7.16.3 present in readonlyrest-1.39.0_es7.16.3.zip are vulnerable.

CVE numbers are as follows:

  1. CVE-2022-23708
  2. CVE-2020-13956

Please have a look into this.

2 Likes

Thanks @Sagarika. We have now extended the automatic CVE check to Elasticsearch-version-dependent modules as well.

This is fixed in ROR 1.40.0.

1 Like