
[BUG] CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

Open maxlepikhin opened this issue 8 months ago • 8 comments

Describe the bug

Trivy security scanning flagged libxml2 due to this CVE: CVE-2022-49043

To Reproduce

docker run -it --entrypoint=/bin/bash opensearchproject/opensearch-dashboards:2.19.0
ls /usr/lib64 | grep libxml

observe the output:

libxml2.so.2
libxml2.so.2.10.4

Expected behavior

Trivy does not flag libxml2 library.

OpenSearch Version 2.19.0

Dashboards Version 2.19.0

Plugins N/A

Screenshots N/A

Host/Environment (please complete the following information): Ubuntu 24.04

Additional context N/A

maxlepikhin, Feb 26 '25 21:02
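
An added example (not part of the original issue or of the OpenSearch project's tooling): a shell check that automates the reproduction step in the report, reading a library directory listing and comparing each libxml2 file version with 2.11.0, the fixed release named in the issue title. The function names are hypothetical, and the file name shows only the upstream version, so a distribution package carrying a backported fix would still be reported as older.

```shell
#!/bin/sh
# Fixed upstream release for CVE-2022-49043, taken from the issue title.
FIXED_VERSION="2.11.0"

# version_lt A B: true when dotted version A is strictly older than B.
# Fields are compared numerically, so 2.9.14 sorts before 2.11.0.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)" = "$1" ]
}

# libxml2_versions: read a directory listing on stdin and print the version
# embedded in each libxml2.so.X.Y.Z file name. The bare soname link
# (libxml2.so.2) carries no release number and is skipped.
libxml2_versions() {
    sed -n 's/^libxml2\.so\.\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)$/\1/p'
}

# check_listing: one verdict line per library found on stdin.
# Returns 0 if all are at or above FIXED_VERSION, 1 if any is older,
# 2 if the listing contains no versioned libxml2 file.
check_listing() {
    found=0
    status=0
    for v in $(libxml2_versions); do
        found=1
        if version_lt "$v" "$FIXED_VERSION"; then
            echo "libxml2 $v: older than $FIXED_VERSION"
            status=1
        else
            echo "libxml2 $v: at or above $FIXED_VERSION"
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$status"
}

# Listing copied from the output shown in the issue.
sample_listing() {
    printf '%s\n' 'libxml2.so.2' 'libxml2.so.2.10.4'
}

# Inside the container the same check would be: ls /usr/lib64 | check_listing
sample_listing | check_listing || true
```
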