Update our `security/status.md` file after analyzing currently reported vulnerabilities. https://github.com/fleetdm/fleet/actions/runs/20115346825 <img width="1711" height="645" alt="Screenshot 2025-12-10 at 7 41 00 PM" src="https://github.com/user-attachments/assets/97e17b58-50a8-4556-9ceb-bcb6701d7d61" />
{
"@context": "https://openvex.dev/ns/v0.2.0",
"@id": "https://openvex.dev/docs/public/vex-e83a3bb89b00837be30b188bd3eed874867824a0e4496a329b4e0884beeccb9c",
"author": "@lucasmrod",
"timestamp": "2025-12-10T18:12:45.166362-03:00",
"version": 1,
"statements": [
{
"vulnerability": {
"name": "CVE-2025-66516"
},
"timestamp": "2025-12-10T18:12:45.166363-03:00",
"products": [
{
"@id": "fleetctl"
},
{
"@id": "pkg:maven/org.apache.tika/tika-core"
}
],
"status": "not_affected",
"status_notes": "fleetdm/fleetctl does not process end-user provided PDF files with Java when generating fleetd installers. The only PDF processing code is in Go for EULA documents.",
"justification": "vulnerable_code_cannot_be_controlled_by_adversary"
}
]
}