/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-828p-4xp8-m457

Published

Last updated

https://images.chainguard.dev/security/CGA-828p-4xp8-m457
Package

trino

RepositoryWolfi
Latest Update
Fixed
Fixed Version

439-r0

Aliases
  • CVE-2022-25647
  • GHSA-4jrv-ppp4-jm57

Severity

7.5

High

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2022-25647

Updates

Status

Fixed

Fixed version

439-r0

Status

Pending upstream fix

Impact

The upstream project relies on a number of "shaded JARs", making it harder to update dependencies. The upstream project will need to migrate away from "rubix-presto-shaded-0.3.18.jar" for this vulnerability to be resolved. This will likely involve a migration to a different package, since com.qubole.rubix.rubix-presto-shaded was last updated on 2020-11-24.

Status

Affected

Impact

The offending code is included in this package via the JAR "rubix-presto-shaded-0.3.18.jar"


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing