Vulnerability (CVE-2023-4863)

Hi Team,
We discovered that the WebP Codec’s heap buffer overflow vulnerability (CVE-2023-4863) is currently being extensively exploited in the wild. Here, I would require confirmation from your end as to whether or not this vulnerability affects SonarQube?

Hey there.

Are you asking out of an abundance of caution, or because there’s evidence that Sonar(Qube, Cloud, Lint) could be affected by CVE-2023-4863?

We have no such evidence or reports – and it looks like the best mitigation is making sure you’ve updated to the latest version of your browser.