WebP Vulnerability (CVE-2023-4863)

Update from October 4, 2023

Affected components

  • Dynatrace Synthetic
    • Public Synthetic locations
      • Fully updated to mitigate CVE-2023-4863.
    • Private Synthetic locations (Synthetic-enabled ActiveGate)
      • Updates that fix CVE-2023-4863 are available for the following versions of the Synthetic Module for all operating systems (Windows, Ubuntu 20, Ubuntu 22, Red Hat Enterprise Linux, CentOS):
        • 1.275.47 and higher
        • 1.273.43 and higher
        • 1.271.48 and higher
      • Please see Update ActiveGate for further details on how to install the latest versions of Dynatrace Private Synthetic locations.

Update from October 2, 2023

Affected components

  • Dynatrace Synthetic
    • Public Synthetic locations
      • Fully updated to mitigate CVE-2023-4863.
    • Private Synthetic locations (Synthetic-enabled ActiveGate)
      • Updates that fix CVE-2023-4863 are available for the following versions of the Synthetic Module for Windows, Ubuntu 20, and Ubuntu 22:
        • 1.275.43 and higher
        • 1.273.40 and higher
        • 1.271.47 and higher
      • Please see Update ActiveGate for further details on how to install the latest versions of Dynatrace Private Synthetic locations.

Update from September 29, 2023

The Dynatrace team has analyzed each occurrence of the vulnerable WebP library. The only affected component is Dynatrace Synthetic (see details below).

Affected components

  • Dynatrace Synthetic
    • Public Synthetic locations
      • Fully updated to mitigate CVE-2023-4863.
    • Private Synthetic locations (Synthetic-enabled ActiveGate)
      • Updates available soon.

Update from September 28, 2023

The Dynatrace team is actively reviewing the recently published WebP vulnerability (CVE-2023-4863).

Dynatrace Application Security continuously validates that any occurrence of the vulnerable WebP library is rapidly detected and remediated on all production systems.

We will continue to assess the situation and provide further status updates on this page.

Notice

This document is provided on an “as is” basis, with no express or implied warranties. Some of the information provided may come from third parties. Your use of the information in the document or materials linked from the document is at your own risk. Dynatrace reserves the right to change or update this document without notice at any time. Dynatrace expects to update this document as new information becomes available.

Get article updates or report security vulnerabilities

Dynatrace takes a proactive approach in communicating security vulnerability information to customers. Learn more about Dynatrace security and our security policy. To report a security issue, email security@dynatrace.com.
