CVE-2023-42282 - ip mitigation when using elastic beanstalk

0

I have an environment in EB based on the "Node.js 18 running on 64bit Amazon Linux 2023/6.1.4" platform. The EC2 instances created are flagged as "critical" with a "CVE-2023-42282 - ip" finding. The affected package is Name: ip, Package manager: NPM, installed version 2.0.0, fixed version 2.0.1. It is not clear how I can update to the fixed version. EB creates the instances. Where/what/how do I upgrade to get the fixed version?

2 Answers
0
Accepted Answer

Hello.

I think the target package is the one described in the following document.
https://www.npmjs.com/package/ip

If there are no particular package dependencies, I think the latest version will be installed if you uninstall and then install as shown below.

npm uninstall ip
npm install ip

So, please try updating the package with the above commands when creating a custom AMI using the steps in the document below.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.customenv.html

EXPERT
answered 21 days ago
0

That works! Thank you!

mlasram
answered 16 days ago
