/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-6r5w-wwq4-cx4v

Published

Last updated

https://images.chainguard.dev/security/CGA-6r5w-wwq4-cx4v
Package

parseable

RepositoryWolfi
Latest Update
Fixed
Fixed Version

1.7.2-r0

Aliases
  • GHSA-2326-pfpj-vx3h

Severity

Unknown

References

  • https://github.com/advisories/GHSA-2326-pfpj-vx3h

Updates

Status

Fixed

Fixed version

1.7.2-r0

Status

Pending upstream fix

Impact

Fixing this vulnerability requires upgrading lexical-core to v1.0.0. However, another dependency: arrow-json, will not function with lexical-core v1.0.0. arrow-json is preparing a 53.1.0 release, which upgrades it's dependency to a newer version of lexical-core. However, this has not been released yet. Pending fix from upstream.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing