CGA-5hr5-g6v2-4w72

Published

Last updated

https://images.chainguard.dev/security/CGA-5hr5-g6v2-4w72

Package

apicurio-registry

RepositoryWolfi

Latest Update

Fixed

Fixed Version

3.0.6-r1

Aliases

Severity

Unknown

References

Updates

Status

Fixed

Fixed version

3.0.6-r1

Status

Pending upstream fix

Impact

netty is a transitive dependency of this project, and is affected by this CVE. Remediating this CVE would require upgrading a chain of dependencies: (quarkus <-- quarkus-http <-- netty). The latest version of quarkus-http (at the time of writing), still depends on an older, affected version of netty. Regardless, attempting to upgrade netty results in build failures. Waiting for upstream to address in a future release.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal