CGA-6f8v-wx23-qpjj

Published

Last updated

https://images.chainguard.dev/security/CGA-6f8v-wx23-qpjj

Package

gitness

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

Severity

Unknown

References

Updates

Status

Pending upstream fix

Impact

This vulnerability originates in golang.org/x/crypto. Updating the crypto package to v0.45.0 currently results in build failures. Upstream will need to introduce code changes alongside the version bump to fully remediate the issue. Although upstream has advanced to v0.40.0, they have not yet published a release that includes this update.

Status

Affected

Impact

Govulncheck found vulnerable symbols in Go binaries at the following locations: in gitness-3.3.0-r3.apk, at usr/bin/gitness, usr/bin/gitness.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.