Splunk AppDynamics

PHP agent linux agent vulnerabilities with library

Ryan_Mansfield
New Member

The latest version of the linux x64 php-agent (21.7.0.4560) is packaged with some out of date components: netty (4.1.38).
Currently this has some CVEs logged against it:

CVE-2019-20445

CVE-2019-20444

image.png

under the path: /proxy/lib/tp/grpc-netty-shaded-1.24.0.jar

Anyone know if this is something that can be patched, or if there is an intention to include a more up-to-date version in a future build?

Labels (1)
Tags (1)
0 Karma

iamryan
Community Manager
Community Manager

Hi @Ryan.Mansfield,

Thanks for reporting this. Let me share this with the right people and I'll report back!

0 Karma

Manasa_H_G
Engager

Hello @Ryan.Mansfield,

We are actively working on fixing the vulnerability.

Regards,

Manasa H G

0 Karma
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...