Security Vulnerabilities in June 2023

Published June 2, 2023
Updated June 2, 2023

The following table lists third-party library vulnerabilities. Only the CVE, severity, and affected OpenHarmony versions are provided. For more details, see the security bulletins released by the third parties.

| CVE | Severity | CVSS 3.1 score | Affected OpenHarmony versions | Fix links |
| --- | --- | --- | --- | --- |
| CVE-2023-27533 | High | 8.8 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x, 3.1.x, 3.0.x |
| CVE-2023-27534 | High | 8.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x, 3.0.x |
| CVE-2023-27535 | High | 7.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x, 3.0.x |
| CVE-2023-27536 | Critical | 9.8 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x, 3.0.x |
| CVE-2023-27538 | Medium | 5.5 | OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.1.x, 3.0.x |
| CVE-2023-29469 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x, 3.1.x, 3.0.x |
| CVE-2023-28484 | Medium | 5.9 | OpenHarmony-v3.2-Release; OpenHarmony-v3.1-Release through OpenHarmony-v3.1.7-Release; OpenHarmony-v3.0 through OpenHarmony-v3.0.8 | 3.2.x, 3.1.x, 3.0.x |

The following are the security patch labels for each maintenance version. Please update the security patch labels while incorporating the corresponding security patches.

| Security patch label | Fix links |
| --- | --- |
| June 2023 | [3.2.x], [3.1.x], [3.1.x], [3.0.x] |