AFT Lambda Functions CVE

aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory

Apache License 2.0

605 stars 386 forks source link

AFT Lambda Functions CVE #355

Closed Adrian-Pena closed 1 year ago

Adrian-Pena commented 1 year ago

AFT Version:

N/A

terraform version

v4.9.0

Bug Description Currently Multiple Lambda functions within AFT display 8 different CVEs each.

CVEs:

CVE-2022-40897
CVE-2023-0401
CVE-2023-0215
CVE-2022-4450
CVE-2022-3996
CVE-2023-0216
CVE-2023-0217
CVE-2023-0286

Expected behavior Lambda Functions should not be vulnerable to these CVEs.

Related Logs N/A

Additional context N/A

hanafya commented 1 year ago

Hey @Adrian-Pena! Thank you for bring this to our attention! We reviewed the findings and determined that this doesn't specifically impact AFT. We also notified the Lambda team with these findings for further review.