Vulnerabilities related to jars in Synthetic minion

Hi team,

In our company, we are using PRISMA CLOUD for scanning the images. The latest version of synthetics-minion (2.0.68) has CVE’s related to the jars that it is consuming.

Eg:
Synthetics-minion is consuming org.yaml: snakeyaml version 1.24 which has CVE’s which will be resolved if it consumes version 1.32.CVE-2022-25857

Now where should we raise the issue for these CVE’s?

Hi @subrhamanya.hn

Thanks for reaching out, I hope you are well.

Congrats on your first post in the community, Whoop!

I believe the best option here would be for you to provide a report to our security team, please reach out via security@newrelic.com.

Wishing you a great day.

1 Like