aws-solutions/qnabot-on-aws

Critical Vulnerabilities in AWS Inspector

Closed this issue · 6 comments

Hi @abhirpat,

Last week in AWS Inspector, critical vulnerabilities were identified in multiple Lambdas. We ran the v6.0.1 version of CloudFormation. Could you please help with this?
CVE-2024-7042 - @langchain/community, langchain
CVE-2024-7774 - langchain

Hi @anjugds,
Thanks for reporting this with detailed information. We will look into this and revert back.

Hi @abhirpat

We ran the v6.1.3 version of CloudFormation and this is a critical vulnerability in our account. Could you please help us with this?

Hi @fhoueto-amz, we are currently awaiting a resolution, as this issue is impacting a client project and is preventing further production deployments. Your prompt assistance is needed, as this involves a critical vulnerability with prompt injection and SQL injection.

Hi @anjugds, we are planning to address this in the next CVE patch release (6.1.5) sometime this week. Thanks again for bringing this up!

Were you able to deploy the CVE Patch yesterday?

@mfarnga v6.1.5 CVE Patch is out, see.

Closing this ticket.