fluent-plugin-splunk-hec

Upgrade json-jwt gem to fix vulnerabilities.

Open skumarp7 opened this issue 1 year ago • 1 comments

Hi team,

Our security scans of splunk/fluent-plugin-splunk-hec have reported vulnerabilities on json-jwt:1.15.0.

What would you like to be added:

Upgrade to fixed version of json-jwt to mitigate this vulnerability

Affected gem: json-jwt

Severity: High

Fixed version: 1.16.3

CVE-2023-51774: https://nvd.nist.gov/vuln/detail/CVE-2023-51774

Why is this needed:

To remove the vulnerability

Please let me know if I can raise a PR to fix this.

skumarp7, Apr 03 '24 04:04

Hi, please let me know if I can raise a PR to mitigate this vulnerability.

skumarp7, Apr 08 '24 07:04