Forum Discussion
pporkka
May 10, 2022 Copper Contributor
Vulnerable components in Edge/WebView DLLs?
We are using a vulnerability scanner (Black Duck in this case) to scan for packages we may include/distribute/depend on in our products and the BD is complaining about old zlib, openssl and sqlite3 c...
josh_bodner
May 10, 2022 Former Employee
What version numbers of Edge and WebView are you seeing this in?
pporkka
May 11, 2022 Copper Contributor
josh_bodner The latest WebView runtime available to download (101.0.1210.39); Edge also reports the same version. The exact problem is that Black Duck (which I have no reason to doubt as of yet, but of course who knows) detects that, for example, mip_core.dll contains OpenSSL code v1.0.2t (which is quite a lot behind the 1.0.2za of that 1.0.2 branch) and sqlite3 v3.24.0 instead of 3.83.3, which is the newest. The sqlite3 version contains about a dozen CVEs on it and
Also, several DLLs (e.g. libGLESv2.dll, libsmartscreen.dll, msedge.dll, ...) contain zlib 1.2.11, but that is to be expected since the latest 1.2.12 was just released within the last month.
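One way to cross-check a scanner finding like the ones described in this thread is to search the binary for the version banners that OpenSSL, zlib and SQLite compile in. This is an added example, not code from the thread, Microsoft or Black Duck; the function names are hypothetical and the sample bytes are constructed. A missing banner does not prove the component is absent, and a banner says nothing about backported fixes.

```python
import re
import sys

# Version banners these libraries embed in compiled binaries.
BANNERS = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)\s+\d{1,2} [A-Z][a-z]{2} \d{4}"),
    "zlib": re.compile(rb"(?:deflate|inflate) (\d+\.\d+\.\d+(?:\.\d+)?) Copyright 1995-"),
    # SQLite embeds a source id (check-in timestamp plus hash), not "3.x.y".
    "sqlite-source-id": re.compile(rb"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) [0-9a-f]{40,64}"),
}

def find_components(blob: bytes) -> dict:
    """Return {component: sorted unique versions or ids} found in a binary blob."""
    found = {}
    for name, rx in BANNERS.items():
        hits = sorted({m.group(1).decode("ascii") for m in rx.finditer(blob)})
        if hits:
            found[name] = hits
    return found

def openssl_key(version: str) -> tuple:
    """Sort key for pre-3.0 OpenSSL versions with letter patch levels."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    if not m:
        raise ValueError(f"not a letter-suffixed OpenSSL version: {version!r}")
    major, minor, fix, letters = m.groups()
    # 'a'..'z' map to 1..26; after 'z' the scheme continues 'za' (27), 'zb' (28), ...
    patch = sum(ord(c) - ord("a") + 1 for c in letters)
    return int(major), int(minor), int(fix), patch

# Constructed sample: banner strings surrounded by arbitrary binary bytes.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    b"OpenSSL 1.0.2t  10 Sep 2019\x00\xff\xfe"
    b" deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler \x00"
    b" inflate 1.2.11 Copyright 1995-2017 Mark Adler \x00"
    b"2000-01-01 00:00:00 " + b"ab" * 32 + b"\x00"
)

if __name__ == "__main__":
    # Pass a DLL path to scan it; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    for name, versions in find_components(blob).items():
        print(f"{name}: {', '.join(versions)}")
```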