gitlab-rails-ee-fips-17.4
Chainguard
7.5
CVSS CVSS_V3
Status
Impact
This vulnerability relates to the GitLab dependency: 'google-protobuf', which appears to be addressed in v3.25.5. GitLab advises that maintainers should NOT upgrade dependency versions manually, as their automation would have already applied this in cases of simple version increments. If a dependency version has not yet been upgraded, there is usually a good reason. Additionally, past attempts to upgrade GitLab dependencies ahead of the upstream release have resulted in build issues. Deferring to upstream (GitLab) to address this CVE in a subsequent update. See: https://docs.gitlab.com/ee/development/dependencies.html.
Status