[Bug, Vulnerability] CVE-2023-48795 #11936
Description
Search before asking
- I had searched in the issues and found no similar issues.
Apache SkyWalking Component
OAP server (apache/skywalking)
What happened
Good day,
The scanner flags CVE-2023-48795 in OAP and UI that I am required to fix to continue using this great project..
The skywalking is deployed using a helm chart.
More information:
OAP:
- fixedVersion: 0.17.0
installedVersion: v0.0.0-20220411220226-7b82a4e95df4
lastModifiedDate: "2024-01-29T09:15:42Z"
links: []
primaryLink: https://avd.aquasec.com/nvd/cve-2023-48795
publishedDate: "2023-12-18T16:15:10Z"
resource: golang.org/x/crypto
score: 5.9
severity: MEDIUM
target: ""
title: 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)'
vulnerabilityID: CVE-2023-48795
UI:
- fixedVersion: 0.9.6-2ubuntu0.22.04.2
installedVersion: 0.9.6-2ubuntu0.22.04.1
lastModifiedDate: "2024-01-29T09:15:42Z"
links: []
primaryLink: https://avd.aquasec.com/nvd/cve-2023-48795
publishedDate: "2023-12-18T16:15:10Z"
resource: libssh-4
score: 5.9
severity: MEDIUM
target: ""
title: 'ssh: Prefix truncation attack on Binary Packet Protocol (BPP)'
vulnerabilityID: CVE-2023-4879
What you expected to happen
No vulnerability found
How to reproduce
Install skywalking via helm chart
Anything else
No response
Are you willing to submit a pull request to fix on your own?
- Yes I am willing to submit a pull request on my own!
Code of Conduct
- I agree to follow this project's Code of Conduct