Vulnerabilities (fixed in December 2022)

Customer(s)

All customers are required to update Germain with the below patches.

Description

As part of our SOC2 compliance program, here are the security vulnerabilities found in December and the patches that address them. We remain available to help you with these issues. If you have not already done so, you can create a ticket at https://germainux.atlassian.net/servicedesk/customer/portal/1 or email us at info@germainux.com.

| Vulnerability | Severity | Scope | Detected / Reviewed / Resolved | Affected versions | Fix implemented in | Link |
|---|---|---|---|---|---|---|
| [CVE-2022-40151] | HIGH | xstream [1.4.19] => [1.4.20] | 10/29/2022 / 1/3/2023 / 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-40151 |
| [CVE-2022-31690], [CVE-2022-31692] | CRITICAL | spring-security-oauth2-jose [5.6.5] => [5.6.10] | 1/1/2023 / 1/3/2023 / 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-31690 https://nvd.nist.gov/vuln/detail/CVE-2022-31692 |
| [CVE-2022-41881], [CVE-2022-41915] | HIGH | netty-transport [4.1.77] => [4.1.86.Final] | 1/1/2023 / 1/3/2023 / 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-41881 https://nvd.nist.gov/vuln/detail/CVE-2022-41915 |
| [CVE-2022-2048] | HIGH | jetty-io [9.4.46] => [9.4.50.v20221201] | 1/1/2023 / 1/3/2023 / 1/3/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://nvd.nist.gov/vuln/detail/CVE-2022-2048 |
| https://nvd.nist.gov/vuln/detail/CVE-2022-45046 | CRITICAL | alpine [3.16.2] => [3.17.0] | 1/1/2023 / 1/4/2023 / 1/4/2023 | <= 2022.4 | 2022.3-55, 2022.4-40 | https://security.snyk.io/vuln/SNYK-ALPINE316-LIBTASN1-3173578 |
| [CVE-2022-23496] | HIGH | yauaa [7.6.0] => [7.9.0] | 12/11/2022 / 12/12/2022 | <= 2022.4 | 2022.3.53, 2022.4.33 | https://nvd.nist.gov/vuln/detail/CVE-2022-23496 |
| [CVE-2022-40152] | HIGH | woodstox-core [6.2.7] => [6.4.0] | 12/11/2022 / 12/12/2022 | <= 2022.4 | 2022.3.53, 2022.4.33 | https://nvd.nist.gov/vuln/detail/CVE-2022-40152 |

Germain 2022.3-55

Download:

https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.3-55-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.3-55-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-55-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.3-55-binary.zip

Docker:

public.ecr.aws/h0m9e4y5/germainapm-engines:2022.3-55
public.ecr.aws/h0m9e4y5/germainapm-server:2022.3-55
public.ecr.aws/h0m9e4y5/germainapm-services:2022.3-55

Germain 2022.4-40

Download:

https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMEngine-2022.4-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMServer-2022.4-40-binary.zip
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-40-binary.tar.gz
https://germain-apm.s3.us-west-2.amazonaws.com/GermainAPM/2022/GermainAPMService-2022.4-40-binary.zip

Docker:

public.ecr.aws/h0m9e4y5/germainapm-engines:2022.4-40
public.ecr.aws/h0m9e4y5/germainapm-server:2022.4-40
public.ecr.aws/h0m9e4y5/germainapm-services:2022.4-40
