splunk / fluent-plugin-splunk-hec

This is the Fluentd output plugin for sending events to Splunk via HEC.
Apache License 2.0

Upgrade json-jwt gem to fix vulnerabilities. #287

Open skumarp7 opened 7 months ago

skumarp7 commented 7 months ago

Hi team,

Our security scans of splunk/fluent-plugin-splunk-hec have reported vulnerabilities on json-jwt:1.15.0.

What would you like to be added:

Upgrade to fixed version of json-jwt to mitigate this vulnerability

Affected gem: json-jwt

Severity: High

Fixed version: 1.16.3

CVE-2023-51774: https://nvd.nist.gov/vuln/detail/CVE-2023-51774

Why is this needed:

To remove the vulnerability

Please let me know if I can raise a PR to fix this.

skumarp7 commented 7 months ago

Hi, please let me know if I can raise a PR to mitigate this vulnerability.