rapidsai / clx

A collection of RAPIDS examples for security analysts, data scientists, and engineers to quickly get started applying RAPIDS and GPU acceleration to real-world cybersecurity use cases.
Apache License 2.0

[BUG] CVE in splunk-sdk-python_1.6.2 #480

Closed BartleyR closed 2 years ago

BartleyR commented 2 years ago

Describe the bug

CLX has a dependency on splunk-sdk-python_1.6.2. That package is showing a CVE (specifically CVE-2019-5729).

Expected behavior

Resolve the CVE. It looks like it is resolved beyond v1.6.6 (https://www.cvedetails.com/cve/CVE-2019-5729/).

BartleyR commented 2 years ago

Hopefully we can just upgrade to the latest version (v.1.6.16).

efajardo-nv commented 2 years ago

This dependency is coming from CLX having a splunklib directory for both the clx_query and export2kafka Splunk apps. The splunklib directories were copied to the repo after they were generated using our internal Splunk UI (v1.6.2), therefore tying us to v1.6.2.

To allow these apps to be used with other Splunk versions, the splunklib directories will be removed and READMEs will be updated to require that Splunk UI artifacts be manually copied to the container.
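A check for vendored copies like the ones described in this thread, as an added example that is not part of the issue or the CLX repository: it walks a source tree for `splunklib` directories and reads the version tuple from each `__init__.py`. Assumptions: that the vendored package records its version as `__version_info__`, the `bin/splunklib` layout and file contents of the sample tree (constructed, including the 1.6.16 copy), and the threshold, which follows the issue's statement that the CVE is resolved beyond v1.6.6.

```python
import ast
import os
import tempfile

# Threshold from the issue text ("resolved beyond v1.6.6"): this and older are flagged.
LAST_AFFECTED = (1, 6, 6)

def vendored_version(init_path):
    """Return the __version_info__ tuple from a splunklib/__init__.py, or None."""
    try:
        with open(init_path, encoding="utf-8") as fh:
            tree = ast.parse(fh.read())  # parsed, never imported or executed
    except (SyntaxError, UnicodeDecodeError):
        return None
    for node in tree.body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "__version_info__" for t in node.targets):
            try:
                value = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                return None
            if isinstance(value, tuple) and all(isinstance(p, int) for p in value):
                return value
    return None

def find_vendored_splunklib(root):
    """Return sorted (relative_path, version, flagged) for each splunklib dir under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "splunklib" and "__init__.py" in files:
            version = vendored_version(os.path.join(dirpath, "__init__.py"))
            # Unknown versions are flagged too: an unreadable copy needs manual review.
            flagged = version is None or version <= LAST_AFFECTED
            findings.append((os.path.relpath(dirpath, root), version, flagged))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Build a constructed sample tree (app names from the issue) and scan it."""
    samples = {"clx_query": "(1, 6, 2)", "export2kafka": "(1, 6, 16)"}
    with tempfile.TemporaryDirectory() as tmp:
        for app, ver in samples.items():
            pkg = os.path.join(tmp, app, "bin", "splunklib")
            os.makedirs(pkg)
            with open(os.path.join(pkg, "__init__.py"), "w", encoding="utf-8") as fh:
                fh.write("__version_info__ = %s\n" % ver)
        return find_vendored_splunklib(tmp)

if __name__ == "__main__":
    for path, version, flagged in demo():
        print(path, version, "FLAG" if flagged else "ok")
```

Run against a real checkout by calling `find_vendored_splunklib` with the repository root; copies that no longer exist after the directories are removed simply produce no findings.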