Published on 2024.06.04
The following are third-party library vulnerabilities; only the CVE, severity, and affected OpenHarmony versions are provided.
CVE | Severity | CVSS 3.1 score | Affected repository | Affected OpenHarmony versions | Fix link |
---|---|---|---|---|---|
CVE-2024-39417 | Low | 3.5 | third_party_mbedtls | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
CVE-2024-2478 | Medium | 4.9 | third_party_wpa_supplicant | OpenHarmony-v4.0-Release | |
CVE-2024-2398 | High | 7.5 | third_party_curl | OpenHarmony-v4.1-Release | |
CVE-2024-2004 | Medium | 5.3 | third_party_curl | OpenHarmony-v4.1-Release | |
CVE-2024-0450 | Medium | 6.2 | third_party_python | OpenHarmony-v4.0-Release | |
CVE-2023-6597 | High | 7.8 | third_party_python | OpenHarmony-v4.0-Release | |
CVE-2023-52474 | High | 7.8 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2023-52160 | Medium | 6.5 | third_party_wpa_supplicant | OpenHarmony-v4.0-Release | |
CVE-2022-21499 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2022-2078 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2022-1012 | High | 8.2 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2022-0854 | Medium | 5.5 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2021-4001 | Medium | 4.1 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2021-33655 | Medium | 6.7 | kernel_linux_5.10 | OpenHarmony-v4.0-Release | |
CVE-2024-1059 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
CVE-2024-1283 | High | 9.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0810 | High | 7.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0808 | Medium | 4.3 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-2625 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-1672 | Medium | 6.1 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0519 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0224 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-1676 | Medium | 4.3 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0223 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-1670 | High | 8.6 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0333 | Medium | 5.3 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-1077 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0518 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0222 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-0807 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-3157 | High | 8.1 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-3839 | Medium | 6.5 | web_webview | OpenHarmony-v4.0-Release OpenHarmony-v4.1-Release | |
CVE-2024-3516 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-3837 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2024-3159 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-5480 | Medium | 6.1 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6347 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6703 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6345 | High | 9.6 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6112 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-5482 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-7024 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6510 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6508 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-5997 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6705 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-6702 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
CVE-2023-5996 | High | 8.8 | web_webview | OpenHarmony-v4.0-Release | |
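
After merging all security patches published for this month and earlier, update the security patch tag to 06 (June) by following the security patch tag update method for each maintained version below.

Maintained version | Reference link for the security patch tag change |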
---|---|
4.1.x | https://gitee.com/openharmony/startup_init/pulls/2809 |
4.0.x |