Update on CVE-2024-3094: XZ Utils Vulnerability
Incident Report for Aptible
Resolved
Aptible is aware of CVE-2024-3094, a critical vulnerability in XZ Utils, specifically affecting versions 5.6.0 and 5.6.1, with a CVSS score of 10, indicating a severe level of risk. This vulnerability results from a supply chain compromise and is present in data compression software widely used across major Linux distributions. The malicious code discovered in the affected versions allows for unauthorized system access, posing a significant security threat.

The Aptible platform and services do not utilize the affected software versions and are not impacted.

Aptible customers are urged to evaluate the dependencies in their Docker images and other systems, and to patch urgently where needed, to mitigate the risk associated with this vulnerability.
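
One way to carry out that check on container images, as an added example that is not part of Aptible's notice: the script lists the packages installed in each image named on the command line and flags xz/liblzma packages whose upstream version is 5.6.0 or 5.6.1. It assumes each image has `sh` and one of dpkg, rpm or apk; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not Aptible's code): flag XZ Utils / liblzma 5.6.0 and 5.6.1,
# the versions named in the notice, in container images given as arguments.

# Reduce a distro package version to its upstream part: drops an epoch
# ("1:5.6.1-1"), a revision ("5.6.1-r0"), and follows the Debian "+really"
# convention, where the text after "+really" is the version actually shipped.
upstream_version() {
    v=${1#*:}
    case $v in *+really*) v=${v#*+really} ;; esac
    printf '%s\n' "$v" | sed 's/^\([0-9][0-9.]*\).*/\1/'
}

is_affected() {
    case $(upstream_version "$1") in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Read "name version" lines on stdin; print affected xz packages.
# Returns 1 if any were found, so it can fail a CI job.
scan_listing() {
    found=0
    while read -r name ver; do
        case $name in xz|xz-*|liblzma*) ;; *) continue ;; esac
        if is_affected "$ver"; then
            echo "AFFECTED $name $ver"
            found=1
        fi
    done
    return "$found"
}

# Runs inside the image: try dpkg, then rpm, then apk ("xz-5.6.1-r0" form).
LIST_CMD='dpkg-query -W -f "\${Package} \${Version}\n" 2>/dev/null ||
  rpm -qa --qf "%{NAME} %{VERSION}-%{RELEASE}\n" 2>/dev/null ||
  apk info -v 2>/dev/null | sed "s/-\([0-9]\)/ \1/"'

scan_images() {
    rc=0
    for image in "$@"; do
        echo "== $image"
        docker run --rm --entrypoint sh "$image" -c "$LIST_CMD" | scan_listing || rc=1
    done
    return "$rc"
}

[ "$#" -eq 0 ] || scan_images "$@"
```

An image with no shell or none of these package managers produces no listing and is reported clean, so such images need to be checked by other means.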

Given the scope and severity of the CVE, our security team continues to monitor the situation actively. If you have any concerns or questions, please contact the Aptible Support team.
Posted Apr 01, 2024 - 16:18 EDT