CVE-2023-45853
JFrog Severity - High
Components - debian:bookworm:zlib1g:1:1.2.13.dfsg-1
Version - 1:1.2.13.dfsg-1
CVSS Score - 9.8 (v3)
Summary
A heap buffer overflow in zlib may lead to remote code execution when parsing a malicious archive.
==
CVE-2023-31484
JFrog Severity - High
Components - debian:bookworm:perl-base:5.36.0-7
Version - 5.36.0-7
CVSS Score - 8.1 (v3)
Summary
Missing TLS check in CPAN.pm allows man-in-the-middle attacks when downloading packages and may lead to code execution.
Thanks,
Thomas