Resolving Security Vulnerability CVE-2023-41993

sriram225 · 13 June 2024 16:25

Hi Team, Our security team has constantly flagging vulnerability CVE-2023-41993 on the cp-kafka-connect image ,

Description as follows,

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

This is what my docker file says,
FROM docker.repo1.uhc.com/confluentinc/cp-kafka-connect:latest

in addition above image is extended to use below dependencies,

snowflake-kafka-connector-1.8.0.jar
snowflake-jdbc-3.13.21.jar
snowflake-jdbc-connector-3.13.21.jar
bc-fips-1.0.2.1.jar
bcpkix-fips-1.0.5.jar

Couldn’t really figure out how to resolve this , please help here!

dtroiano · 13 June 2024 18:31

Does the vulnerability report give any pointer to the vulnerability source, e.g., a particular software package? It’s not making sense to me (a macOS vulnerability flagged in a Red Hat UBI 8-based image).

system · 13 July 2024 18:32

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Resolving CVE-2022-48566 and CVE-2023-40217 Kafka Connect	1	1242	29 October 2023
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	3252	14 December 2021
Critical security vulnerability code-named “Log4Shell” (tracked as CVE-2021-44228) Managed Connectors	3	3488	21 December 2021
Vulnerabilities Fix Kafka Connect	3	45	9 December 2024
Is cp-kafka-connect-base image still using confluent forked log4j v1.x? Self-Managed Connectors	1	1844	4 June 2023

Resolving Security Vulnerability CVE-2023-41993

Related topics