Impact of CVE-2020-29510 on Mender

deffo · January 27, 2021, 2:45pm

Hi there!

How do you consider the impact of CVE-2020-29510 [1] on Mender? Do you think this is critical? We are asking since warrior-v2020.10 is directly affected with version 1.14.7.

Best regards

[1] NVD - CVE-2020-29510

drewmoseley · January 29, 2021, 8:05pm

@kacf any thoughts on this?

kacf · February 1, 2021, 8:07am

Hello @deffo, neither the Mender Client nor Mender Connect uses encoding/xml anywhere, including in sub packages, so I believe they are not affected.

Topic		Replies	Views
Impact of CVE-2021-27918 on Mender General Discussions yocto , warrior , security	1	600	March 22, 2021
Impact of CVE-2021-38297 on Mender General Discussions yocto , security , dunfell	1	401	October 26, 2021
Impact of CVE-2021-31525 and CVE-2021-33194 on Mender General Discussions security	2	366	July 2, 2021
Impact of CVE-2021-3114 and CVE-2021-3115 on Mender General Discussions	3	434	February 5, 2021
Impact of CVE-2021-39293 on Mender General Discussions yocto , security , dunfell	1	431	February 8, 2022

Impact of CVE-2020-29510 on Mender

Related topics