chef uses vulnerable versions of LibXML2, OpenSSL and LibXSLT. These vulnerabilities are included due to the omnibus_override file using the vulnerable versions. LibXML2 is vulnerable to the following CVEs: CVE-2017-9050, CVE-2017-9049, CVE-2017-9048, CVE-2017-9047, CVE-2017-8872, and CVE-2016-9318. OpenSSL is vulnerable to the following CVEs: CVE-2017-3731, CVE-2017-3732, and CVE-2016-7055. LibXLST contains a memory handling vulnerability.