Security vulnerabilities in the latest Shiny Server v1.5.20.1002

Question

Security vulnerabilities in the latest Shiny Server v1.5.20.1002

Closed this issue 10 months ago · 2 comments

mahesh2013 commented a year ago

As of today (Nov 14, 2023) there are a number of high and medium security vulnerabilities in the latest Shiny Server v1.5.20.1002 released on December 6, 2022.

CVE-2023-32006 ( shiny-server/ext/node/bin/node )
CVE-2023-23918 ( shiny-server/ext/node/bin/node )
CVE-2023-23919 ( shiny-server/ext/node/bin/node )
CVE-2023-32559 ( shiny-server/ext/node/bin/node )
CVE-2023-39331 ( shiny-server/ext/node/bin/node )

Is the new version of the Shiny Server to address these and other vulnerabilities being planned? Any ETA is appreciated.

Answer 1 · 2023-11-16T17:28:59.000Z

@jcheng5 , Any help on these issues or any ETA to fix these issues? thanks

Answer 2 · 2024-02-27T08:29:41.000Z

Sorry for not replying earlier, these should've been fixed in Shiny Server 1.5.21, released in December. https://posit.co/download/shiny-server/