By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Beanstalk node.js amazon linux 2 running on nginx 1.20.0 which has critical vulnerability CVE-2021-23017

0

Needs to be updated to nginx 1.20.1 or nginx 1.20.2 Here is the link to the vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-23017

Any idea of if this is planned or scheduled?

Topics
Security, Identity, & ComplianceCompute
Tags
Security, Identity, & ComplianceAWS Elastic Beanstalk
Language
English
etiennead
asked 2 years ago627 views
1 Answer
1

Please see the following closed issue about this. From the issue comment log "CVE-2021-23017 has been fixed in nginx-1.20.0-2.amzn2.0.3 , which is part of Node.js 14 running on 64bit Amazon Linux 2/5.4.2 and Node.js 12 running on 64bit Amazon Linux 2/5.4.2 onward"

AWS
Rajarshi_D
answered 2 years ago
  • Vijay SUPPORT ENGINEER
    2 years ago

    Hello there,

    Thanks for confirming that. I would like to know, why hasn't it updated in alas https://alas.aws.amazon.com/alas2.html?

    Would be great if you update this thing in ALAS.

    Thanks in advance.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content