Open aldiaz3137 opened 2 months ago
Thanks for bringing this up to our attention. We are now in the process of bumping our team's OpenSSL version. Thanks
OpenSSL version was bumped to 3.3.1 in the SAM CLI version 1.122.0. Closing as the CVE has been fixed.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue, feel free to do so.
Description:
Authenticated vulnerability scans are detecting the latest version as being vulnerable to CVE-2024-5535 related to OpenSSL version 1.1.1w.
Tenable Nessus Agent reports the following:
Path : /usr/local/aws-sam-cli/dist/_internal/libcrypto.so.1.1
Reported version : 1.1.1w
Fixed version : 1.1.1za

Path : /usr/local/aws-sam-cli/dist/_internal/libssl.so.1.1
Reported version : 1.1.1w
Fixed version : 1.1.1za
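To confirm a finding like this on the host, and to re-check after upgrading, the bundled libraries can be inspected directly. The script below is an added example, not part of the original issue or the SAM CLI project; it assumes the libraries carry OpenSSL's usual version banner string, and the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Version banner OpenSSL builds embed, e.g. b"OpenSSL 1.1.1w  11 Sep 2023"
# (assumption: the bundled libraries were not stripped of this string).
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")
LIB_GLOBS = ("libcrypto.so*", "libssl.so*")


def parse_version(text):
    """'1.1.1za' -> (1, 1, 1, 'za'). 1.1.1 letter releases run a..z, then za, zb, ...
    so plain string order on the suffix is the release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])


def bundled_versions(root):
    """Yield (path, version) for every banner found in libcrypto/libssl under root."""
    for pattern in LIB_GLOBS:
        for lib in sorted(Path(root).rglob(pattern)):
            if not lib.is_file():
                continue
            found = {m.group(1).decode() for m in BANNER.finditer(lib.read_bytes())}
            for version in sorted(found, key=parse_version):
                yield str(lib), version


def audit(root, fixed="1.1.1za"):
    """Return [(path, version, below_fixed)]; `fixed` is the scanner's 1.1.1-branch
    fixed version, so a True flag mirrors the Nessus finding."""
    floor = parse_version(fixed)
    return [(p, v, parse_version(v) < floor) for p, v in bundled_versions(root)]


if __name__ == "__main__":
    # Default is the directory from the Nessus output; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/aws-sam-cli/dist/_internal"
    results = audit(root)
    for path, version, below_fixed in results:
        print(f"{'BELOW FIXED' if below_fixed else 'ok':12} {version:8} {path}")
    if not results:
        print(f"no OpenSSL banner found under {root}")
    sys.exit(1 if any(flag for _, _, flag in results) else 0)
```

The exit status is non-zero when any bundled library is below the fixed version, so the script can gate a build or image scan.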