2025-04-16 14:50:10 +00:00
<!-- DO NOT EDIT. This document is automatically generated by running `make vex-report` . -->
# Vulnerability Report
2025-05-16 00:15:37 +00:00
Following is the vulnerability report of Fleet and its dependencies.
2025-04-16 14:50:10 +00:00
## `fleetdm/fleet` docker image
2025-05-16 00:15:37 +00:00
### [CVE-2025-46569](https://nvd.nist.gov/vuln/detail/CVE-2025-46569)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleet does not use OPA in server mode, it uses it as a library.
- **Products:**: `fleet` ,`pkg:golang/github.com/open-policy-agent/opa@v0.44.0`,`pkg:golang/github.com/open-policy-agent/opa@0.44.0`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-05-05 20:29:07
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** The token format being validated before the call to ParseUnverified.
- **Products:**: `fleet` ,`pkg:golang/github.com/golang-jwt/jwt/v4`
2025-05-06 16:35:27 +00:00
- **Justification:** `inline_mitigations_already_exist`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 15:23:54
2025-05-06 16:35:27 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2025-27509](https://nvd.nist.gov/vuln/detail/CVE-2025-27509)
#### Statement:
- **Author:** @lucasmrod
- **Status:** `fixed`
- **Products:**: `cpe:2.3:a:fleetdm:fleet:v4.64.2:*:*:*:*:*:*:*` ,`cpe:2.3:a:fleetdm:fleet:v4.63.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.62.4:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.58.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.53.2:*:*:*:*:*:*:*`
- **Timestamp:** 2025-05-12 16:30:30
#### Statement:
- **Author:** @lucasmrod
- **Status:** `affected`
- **Products:**: `cpe:2.3:a:fleetdm:fleet:v4.64.1:*:*:*:*:*:*:*` ,`cpe:2.3:a:fleetdm:fleet:v4.64.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.63.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.63.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.62.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.62.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.62.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.62.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.61.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.60.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.60.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.59.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.59.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.58.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.57.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.57.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.57.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.57.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.56.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.55.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.55.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.55.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.54.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.54.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.54.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.53.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.53.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.52.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.51.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.51.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.50.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.50.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.50.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.49.4:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.49.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.49.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.49.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.49.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.48.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.48.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.48.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.48.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.47.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.47.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.47.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.47.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.46.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.46.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.46.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.45.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.45.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.44.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.44.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.43.3:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.43.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.43.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.43.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.42.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.41.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.41.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.40.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.39.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.38.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.38.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.37.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.36.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.35.2:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.35.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.35.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.34.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.34.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.33.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.33.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.32.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.31.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.31.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.30.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.30.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.29.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.29.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.28.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.28.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.27.1:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.27.0:*:*:*:*:*:*:*`,`cpe:2.3:a:fleetdm:fleet:v4.26.0:*:*:*:*:*:*:*
- **Action statement:** `Disable SAML SSO authentication.`
- **Timestamp:** 2025-05-12 16:13:23
### [CVE-2025-26519](https://nvd.nist.gov/vuln/detail/CVE-2025-26519)
2025-05-06 16:35:27 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleet does not perform any EUC-KR to UTF-8 translation by libc.
- **Products:**: `fleet` ,`pkg:apk/alpine/musl@1.2.5-r8?os_name=alpine& os_version=3.21`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-14 16:30:01
2025-04-16 14:50:10 +00:00
2025-06-25 18:13:34 +00:00
### [CVE-2025-22874](https://nvd.nist.gov/vuln/detail/CVE-2025-22874)
- **Author:** @lucasmrod
- **Status:** `not_affected`
- **Status notes:** Fleet does not perform any verification of policies in client certificates (CertificatePolicies not set in VerifyOptions).
- **Products:**: `fleet` ,`pkg:golang/stdlib@1.24.2`
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
- **Timestamp:** 2025-06-23 16:48:42
2025-05-16 00:15:37 +00:00
### [CVE-2025-21614](https://nvd.nist.gov/vuln/detail/CVE-2025-21614)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
- **Status notes:** The fleetctl executable is unused in the fleetdm/fleet docker image. The executable was removed in v4.64.0.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleet` ,`pkg:golang/github.com/go-git/go-git/v5`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 15:43:15
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2025-21613](https://nvd.nist.gov/vuln/detail/CVE-2025-21613)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
- **Status notes:** The fleetctl executable is unused in the fleetdm/fleet docker image. The executable was removed in v4.64.0.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleet` ,`pkg:golang/github.com/go-git/go-git/v5`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 15:42:55
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2024-8260](https://nvd.nist.gov/vuln/detail/CVE-2024-8260)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-06 16:35:27 +00:00
- **Status notes:** Fleet doesn't run on Windows, so it's not affected by this vulnerability.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleet` ,`pkg:golang/github.com/open-policy-agent/opa`
2025-05-06 16:35:27 +00:00
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-05-05 20:54:14
2025-05-06 16:35:27 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2024-12797](https://nvd.nist.gov/vuln/detail/CVE-2024-12797)
2025-05-06 16:35:27 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleet uses Go TLS implementation.
- **Products:**: `fleet` ,`pkg:apk/alpine/libcrypto3`,`pkg:apk/alpine/libssl3`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 15:15:53
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2023-32698](https://nvd.nist.gov/vuln/detail/CVE-2023-32698)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-06 16:35:27 +00:00
- **Status notes:** The fleetctl executable is unused in the fleetdm/fleet docker image. The executable was removed in v4.64.0.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleet` ,`pkg:golang/github.com/goreleaser/nfpm/v2`
2025-05-06 16:35:27 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 15:28:30
2025-04-16 14:50:10 +00:00
## `fleetdm/fleetctl` docker image
2025-06-13 22:00:49 +00:00
### [CVE-2025-49796](https://nvd.nist.gov/vuln/detail/CVE-2025-49796)
- **Author:** @sgress454
- **Status:** `not_affected`
- **Status notes:** The affected dependency (libxml2) is not utilized by fleetctl itself, but by Apple’
2025-08-08 13:49:23 +00:00
- **Products:**: `fleetctl` ,`pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u1`,`pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u2`
2025-06-13 22:00:49 +00:00
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
- **Timestamp:** 2025-06-13 15:57:38
### [CVE-2025-49795](https://nvd.nist.gov/vuln/detail/CVE-2025-49795)
- **Author:** @sgress454
- **Status:** `not_affected`
- **Status notes:** The affected dependency (libxml2) is not utilized by fleetctl itself, but by Apple’
- **Products:**: `fleetctl` ,`pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u1`
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
- **Timestamp:** 2025-06-13 15:57:25
### [CVE-2025-49794](https://nvd.nist.gov/vuln/detail/CVE-2025-49794)
- **Author:** @sgress454
- **Status:** `not_affected`
- **Status notes:** The affected dependency (libxml2) is not utilized by fleetctl itself, but by Apple’
2025-08-08 13:49:23 +00:00
- **Products:**: `fleetctl` ,`pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u1`,`pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u2`
2025-06-13 22:00:49 +00:00
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
- **Timestamp:** 2025-06-13 15:56:50
2025-06-02 16:53:40 +00:00
### [CVE-2025-48734](https://nvd.nist.gov/vuln/detail/CVE-2025-48734)
- **Author:** @lucasmrod
- **Status:** `not_affected`
- **Status notes:** The fleetctl tool is used by IT admins to generate packages so the vulnerable code cannot be controlled by attackers.
2025-06-11 17:22:46 +00:00
- **Products:**: `fleetctl` ,`pkg:maven/commons-beanutils/commons-beanutils`
2025-06-02 16:53:40 +00:00
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
- **Timestamp:** 2025-06-02 07:33:44
2025-05-16 00:15:37 +00:00
### [CVE-2025-46569](https://nvd.nist.gov/vuln/detail/CVE-2025-46569)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-06 16:35:27 +00:00
- **Status notes:** fleetctl does not use OPA.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleetctl` ,`pkg:golang/github.com/open-policy-agent/opa`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-05-06 07:47:31
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2025-31115](https://nvd.nist.gov/vuln/detail/CVE-2025-31115)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use liblzma5.
- **Products:**: `fleetctl` ,`pkg:deb/debian/liblzma5`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-09 13:24:20
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2024-7254](https://nvd.nist.gov/vuln/detail/CVE-2024-7254)
2025-04-28 15:11:45 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use Java.
- **Products:**: `fleetctl` ,`pkg:maven/com.google.protobuf/protobuf-java`
2025-04-28 15:11:45 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 07:34:26
2025-04-28 15:11:45 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2023-6879](https://nvd.nist.gov/vuln/detail/CVE-2023-6879)
2025-05-06 16:35:27 +00:00
- **Author:** @lucasmrod
2025-04-16 14:50:10 +00:00
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use libaom3.
- **Products:**: `fleetctl` ,`pkg:deb/debian/libaom3`
2025-05-06 16:35:27 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-15 10:28:21
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853)
2025-04-28 15:11:45 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use zlib C library.
- **Products:**: `fleetctl` ,`pkg:deb/debian/zlib1g`
2025-04-28 15:11:45 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-15 10:17:19
2025-04-28 15:11:45 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2023-32698](https://nvd.nist.gov/vuln/detail/CVE-2023-32698)
2025-05-06 16:35:27 +00:00
- **Author:** @getvictor
- **Status:** `not_affected`
- **Status notes:** When packaging linux files, fleetctl does not use global permissions. It was verified that packed fleetd package files do not have group/global write permissions.
2025-05-16 00:15:37 +00:00
- **Products:**: `fleetctl` ,`pkg:golang/github.com/goreleaser/nfpm/v2`
2025-05-06 16:35:27 +00:00
- **Justification:** `vulnerable_code_cannot_be_controlled_by_adversary`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-09 10:26:02
2025-05-06 16:35:27 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2019-10202](https://nvd.nist.gov/vuln/detail/CVE-2019-10202)
2025-04-28 15:11:45 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use Java.
- **Products:**: `fleetctl` ,`pkg:maven/org.codehaus.jackson/jackson-mapper-asl`
2025-04-28 15:11:45 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-15 10:31:31
2025-04-28 15:11:45 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2013-4002](https://nvd.nist.gov/vuln/detail/CVE-2013-4002)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use Java.
- **Products:**: `fleetctl` ,`pkg:maven/xerces/xercesImpl`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 07:36:31
2025-04-16 14:50:10 +00:00
2025-05-16 00:15:37 +00:00
### [CVE-2012-0881](https://nvd.nist.gov/vuln/detail/CVE-2012-0881)
2025-04-16 14:50:10 +00:00
- **Author:** @lucasmrod
- **Status:** `not_affected`
2025-05-16 00:15:37 +00:00
- **Status notes:** fleetctl does not use Java.
- **Products:**: `fleetctl` ,`pkg:maven/xerces/xercesImpl`
2025-04-16 14:50:10 +00:00
- **Justification:** `vulnerable_code_not_in_execute_path`
2025-05-16 00:15:37 +00:00
- **Timestamp:** 2025-04-10 14:46:52
2025-04-16 14:50:10 +00:00
