Version 1.120.0 Affected by CVE-2024-5535 #7253

aldiaz3137 · 2024-07-17T21:24:26Z

Description:

Authenticated vulnerability scans are detecting the latest version as being vulnerable to CVE-2024-5535 related to OpenSSL verison 1.1.1w.

Tenable Nessus Agent reports the following:

Path : /usr/local/aws-sam-cli/dist/_internal/libcrypto.so.1.1
Reported version : 1.1.1w
Fixed version : 1.1.1za

Path : /usr/local/aws-sam-cli/dist/_internal/libssl.so.1.1
Reported version : 1.1.1w
Fixed version : 1.1.1za

jysheng123 · 2024-07-18T16:40:49Z

Thanks for bringing this up to our attention, we are now in the process of bumping our teams openSSL version. Thanks

hnnasit · 2024-09-10T18:40:24Z

OpenSSL version was bumped to 3.3.1 in the SAM CLI version 1.122.0. Closing as the CVE has been fixed.

github-actions · 2024-09-10T18:40:41Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

aldiaz3137 added the stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. label Jul 17, 2024

jysheng123 added area/dependencies Updates a dependency and removed stage/needs-triage Automatically applied to new issues and PRs, indicating they haven't been looked at. labels Jul 18, 2024

hnnasit closed this as completed Sep 10, 2024

lucashuy reopened this Sep 25, 2024

lucashuy mentioned this issue Sep 25, 2024

chore: Bump OpenSSL to 3.0.15 #7513

Merged

8 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Version 1.120.0 Affected by CVE-2024-5535 #7253

Version 1.120.0 Affected by CVE-2024-5535 #7253

aldiaz3137 commented Jul 17, 2024

jysheng123 commented Jul 18, 2024

hnnasit commented Sep 10, 2024

github-actions bot commented Sep 10, 2024