DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CGA-8wg7-v7wx-4j5v

Published

Last updated

https://images.chainguard.dev/security/CGA-8wg7-v7wx-4j5v
Package

garage-2

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-53605
  • GHSA-2gh3-rmm4-6rq5

Severity

5.9

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-53605
  • https://github.com/advisories/GHSA-2gh3-rmm4-6rq5

Updates

Status

Pending upstream fix

Impact

Garage depends on opentelemetry-prometheus which pulls in the unmaintained protobuf crate. For more information: https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/1245

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal