openssl 1.0.2 vulnerability CVE-2022-3602 and CVE-2022-3786 #17162
Comments
|
As this is not really an issue and I don't see a discussion section for this repo is there some place I can raise the question as to when openssl will get updated to a newer version? |
|
This issue is stale because it has been open for 180 days with no activity. Remove the stale label or comment on the issue otherwise this will be closed in 5 days |
|
@jasontempleman-eaton did you get any resolution? |
|
No. Basically, asked if they are planning to update OpenSSL and no one ever responded. |
|
@jasontempleman-eaton Thank you for reply! I created a ticket with MS to get more clarification on same |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is installing openssl 1.0.2 (last updated 12/2019) and has known vulnerabilities.
OpenSSL has strongly recommended upgrading vulnerable versions to the latest patch of 3.0.7 to address the potential impact of the vulnerabilities.
https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/
ADDENDUM:
Was just informed by our Cyber Security team that this version is not affected by these CVE. That being said, is there plans to update openssl to a newer version?
The text was updated successfully, but these errors were encountered: