fleet/security/vex/fleetctl/CVE-2025-49796.vex.json


{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-15a003ae60b35f7662908bba842052a293f1bbc468353ec52419d0137556c0d3",
"author": "@sgress454",
"timestamp": "2025-06-13T15:57:38.413521-05:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2025-49796"
},
"timestamp": "2025-06-13T15:57:38.413522-05:00",
"products": [
{
"@id": "fleetctl"
},
{
"@id": "pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u1"
},
{
"@id": "pkg:deb/debian/libxml2@2.9.14+dfsg-1.3~deb12u2"
}
],
"status": "not_affected",
"status_notes": "libxml2 is not linked or called by fleetctl itself; it is present in the fleetctl Docker image only as a dependency of Apple's iTMSTransporter, which is bundled for code-signing purposes. fleetctl does not parse XML from untrusted sources. CVE-2025-49796 is described as a denial-of-service (DoS) issue; fleetctl is a short-lived, operator-invoked CLI rather than a long-running service, so a crash would at most abort the operator's own invocation and does not expose a DoS surface to an attacker. The justification reflects that no adversary-controlled input reaches the vulnerable parser, not that libxml2 is absent from the image. This assessment assumes any XML reaching iTMSTransporter inside the image is supplied by the operator rather than by an untrusted party; if that changes, this statement should be revisited.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary"
}
]
}