CVE-2023-38545/6 security vulnerability.
In trying to assess implications of the CURL hack upon Data Insight I see the \DataInsight\perl\site\lib\HTTP\Any\Curl.pm perl module lists libcurl 7.21.6 or newer. While that is a very old version and specifically the CVEs call out
Affected Versions
Affected versions: libcurl 7.69.0 to and including 8.3.0
Not affected versions: libcurl < 7.69.0 and >= 8.4.0 (where a patch has been identified)
we are left to wonder as to ramifications of system software changes upon the Application.
Our organization will be patching for the various applications utilizing http calls over Socks5 (mentioned as a proxy in the script) and I will need to know a few facts to enter discussions with our security team.
Is DI affected by the vulnerability?
Will DI be aversely affected by patching to the latest library version?
Has Veritas released any statement on the vulnerability and its products?
Thank you
Pix
Reply was that DI is NOT affected by the CVE.
Pix