keda-2.14
Chainguard
7.5
CVSS V3
Status
Impact
Remediating this CVE requires removal of github.com/golang-jwt/jwt v3.x from Keda. This requires immense functional changes which can be seen in this PR, https://github.com/kedacore/keda/commit/9299ea9a57e40bae0ca39794df53318315cd5879. Chainguard recommends updating Keda to v2.17.0 or later where this dependency does not exist.
Status
Status
Fixed version
2.14.1-r16Status