Vulnerability in XZ Utils - thingsHub not affected

Is your thingsHub affected by the XZ vulnerability (CVE-2024-3094)?

Last week, a critical vulnerability (CVE-2024-3094, base score: 10.0 Critical) was discovered in XZ Utils. This vulnerability could potentially allow attackers to execute code on affected systems.

Our development team immediately investigated the impact on our systems, with the following result:

XZ Utils is not installed by default in the system environment of the thingsHub products "Cloud" and "OnPremise", so these products are not affected by the vulnerability.

Our relevant custom Dockerfiles explicitly exclude the installation of XZ. Additionally, Grafana, which is used within our system, uses the unaffected image alpine:3.19.1 and does not install XZ on it. Likewise, the CNCF-certified Kubernetes engine we use for the thingsHub cloud service (GKE) is not affected by this bug.

If you or your colleagues have any questions about this, you can contact us at any time by e-mail or telephone.


Your SmartMakers thingsHub development team

Published April 9, 2024
