Skip to content

CVE-2025-27820 and CVE-2025-48734 #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 18, 2025
Merged

CVE-2025-27820 and CVE-2025-48734 #370

merged 2 commits into from
Jun 18, 2025

Conversation

@KishoreKicha14
Copy link
Contributor

@KishoreKicha14 KishoreKicha14 commented Jun 17, 2025
edited
Loading

Description

CVE fix (GHSA-73m2-qfq3-56cx) (GHSA-wxr5-93ph-8wr9)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

CVE-2025-27820
c1b2456 
Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
CVE fix
55c03c6 
Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
@KishoreKicha14 KishoreKicha14 changed the title CVE-2025-27820 CVE-2025-27820 and CVE-2025-48734 Jun 18, 2025
@deshsidd deshsidd merged commit 7f4dbaf into opensearch-project:main Jun 18, 2025
15 checks passed
@deshsidd
Copy link
Collaborator

backport needed? @KishoreKicha14

@Divyaasm
Copy link

Yes @deshsidd

opensearch-trigger-bot bot pushed a commit that referenced this pull request Jun 20, 2025
@github-actions
CVE-2025-27820 and CVE-2025-48734 (#370)
2c2ccb1 
* CVE-2025-27820

Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>

* CVE fix

Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>

---------

Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
Co-authored-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
(cherry picked from commit 7f4dbaf)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Jun 20, 2025
Merged
peterzhuamazon pushed a commit that referenced this pull request Jun 20, 2025
@opensearch-trigger-bot @github-actions
CVE-2025-27820 and CVE-2025-48734 (#370) (#374)
ff872ab 
* CVE-2025-27820



* CVE fix



---------



(cherry picked from commit 7f4dbaf)

Signed-off-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Kishore Kumaar Natarajan <kkumaarn@amazon.com>
@dzane17 dzane17 mentioned this pull request Jul 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@deshsidd deshsidd deshsidd approved these changes

@ansjcy ansjcy Awaiting requested review from ansjcy ansjcy is a code owner

@jainankitk jainankitk Awaiting requested review from jainankitk jainankitk is a code owner

@dzane17 dzane17 Awaiting requested review from dzane17 dzane17 is a code owner

Assignees

No one assigned

Labels

backport 2.19 backport 3.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@KishoreKicha14 @deshsidd @Divyaasm @dzane17 @peterzhuamazon