/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-9fjc-f5vc-gmfh

Published

Last updated

https://images.chainguard.dev/security/CGA-9fjc-f5vc-gmfh
Package

gitlab-ee-17.4

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2023-36308
  • GHSA-q7pp-wcgr-pffx

Severity

5.5

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-36308
  • https://github.com/advisories/GHSA-q7pp-wcgr-pffx

Updates

Status

Pending upstream fix

Impact

This vulnerability relates to the GitLab dependency: 'disintegration/imaging'. At the time of writing, this package is already consuming the latest version: v1.6.2. This vulnerability is noted as disputed, but the reasoning is not clear if this is accurate. There are also links to (still open) GH issues associated with triggering the finding. Marking as pending-upstream-fix, as it's not clear if this is a false positive. For more information, please see:

  • https://github.com/golang/vulndb/issues/2039
  • https://github.com/disintegration/imaging/issues/165

Status

Under investigation

Status

Fixed

Fixed version

17.4.2-r1

Status

Under investigation

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal