/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-5w58-pwj9-6xmc

Published

Last updated

https://images.chainguard.dev/security/CGA-5w58-pwj9-6xmc
Package

webswing

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-6763
  • GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6763

Updates

Status

Pending upstream fix

Impact

The Webswing project is distributed as precompiled JARs and WAR files, which bundle specific versions of third-party dependencies. These dependency versions are determined and embedded upstream by Webswing maintainers. In the current release (23.2.3), several dependencies include vulnerabilities that cannot be mitigated or upgraded directly by downstream users due to the nature of the precompiled artifacts.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing