CGA-39rp-x94q-cm6r

Published

Last updated

https://images.chainguard.dev/security/CGA-39rp-x94q-cm6r

Package

grafana-9.3

Repository

Chainguard

Latest Update

Not affected

Aliases

Severity

6.1

Medium

CVSS CVSS_V3

References

Updates

Status

Not affected

Justification

Component not present

Impact

Prometheus ships a Go (Golang) library with a versioning scheme that follows the 0.x format. However, the Prometheus application itself uses a versioning scheme based on 1.x, 2.x, etc. The vulnerability identified in CVE-2019-3826 is specifically associated with the Prometheus application, not the Golang library.

Status

Not affected

Justification

Component not present

Impact

Go modules are not identifiying the version correctly. Example, v1.8.2-0.20211011171444-354d8d2ecfac is not v1.8.2, using the date and commit sha we can see that this is v2.31.0-rc.0~39 which contains the fix.

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal