GMS-2023-319: Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

February 14, 2023

sgx-dcap-quote-verify-python includes a statically linked copy of OpenSSL. The version of OpenSSL included in sgx-dcap-quote-verify-python 0.0.1..0.0.2 is vulnerable to a security issue. More details about the OpenSSL vulnerabilities themselves can be found at https://www.openssl.org/news/secadv/20230207.txt.

References

github.com/advisories/GHSA-344m-qcjq-xgrf
github.com/mithril-security/sgx-dcap-quote-verify-python/security/advisories/GHSA-344m-qcjq-xgrf

Detect and mitigate GMS-2023-319 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →