We have a couple of services running on EKS fargate accessible from internet via network load balancers.
We have recently conducted external penetration testing as part of our compliance process. It identified that the network load balancer is using nginx v1.20 which is subject to a security issue CVE-2021-23017 https://alas.aws.amazon.com/cve/html/CVE-2021-23017.html#score-breakdown . This issue has been fixed in v1.20.1.
Is there a patch that has been applied to network load balancer to fix CVE-2021-23017 or any mitigation we can do to overcome this from client (our) side?
Could anyone provide any pointers for me to gather more information in order to make an assessment of the severity level?
I searched the forum but only found a few posts about this issue with regards to elastic beanstalk, nothing about the network load balancer.
Thank you.
Edited by: yybc9a3 on Nov 26, 2021 3:27 AM
Edited by: yybc9a3 on Nov 26, 2021 3:31 AM
