/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-3fp6-5vj7-c9wc

Published

Last updated

https://images.chainguard.dev/security/CGA-3fp6-5vj7-c9wc
Package

rancher-agent-2.9

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-24557
  • GHSA-xw73-rw38-6vjc

Severity

6.9

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-24557
  • https://github.com/advisories/GHSA-xw73-rw38-6vjc

Updates

Status

Pending upstream fix

Impact

Rancher pins this older version of Docker in the project’s replace block of the go.mod file despite a newer major version being defined in the requires block. This is intentional as there have been minor version changes within the v20.x.x pinned dependency while the more recent version defined in the requires block has jumped major versions throughout time. Upgrading the docker version in the replaces block and the relevant dependencies causes build breaking failures which shows code changes are required. This will require upstream to implement a fix.

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal