gitlab-runner-17.3
Chainguard
9.9
CVSS V3
Status
Impact
This package is no longer supported upstream and has reached its end of life on '2024-11-21'.
Status
Status
Fixed version
17.3.3-r1Status
Impact
Also present in previous gitlab-runner-17.2 and new scan reveals that this CVE is still present. Upstream merge request https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/4925 details the issues stating that the only current path to remediating this CVE is to bump major version of go to >=v25.0.6 and required a lot of changes. This upstream merge request has been merged and is part of the 17.4 release - see https://gitlab.com/gitlab-org/gitlab-runner/-/commits/v17.4.0?search=CVE-2024-41110. I could not find any plans to backport this to 17.3.
Status