Workload: Moderate Vulnerability for Pycairo Application Incorrectly Points to CVE-2019-10086 Which is marked for Apache Commons NetBeans.

Article ID: 288633

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The Vulnerabilities tab in our console shows a moderate vulnerability, CVE-2019-10086, for a seemingly unrelated application called "Pycairo", while the NVD entry for CVE-2019-10086 is listed for Apache Commons NetBeans.
https://nvd.nist.gov/vuln/detail/CVE-2019-10086

Environment

  • Carbon Black Cloud Console: All Versions
  • Workload

Cause

The NVD entry for this CVE has not been updated to include the vulnerability details that do exist for the Pycairo application.

Resolution

  • The mentioned CVE does exist for Pycairo. This can be checked in the following Red Hat advisory: https://packetstormsecurity.com/files/157215/Red-Hat-Security-Advisory-2020-1454-01.html
  • To fix this moderate vulnerability (CVE-2019-10086), update the Pycairo application to the latest version (1.20.1).