CGA-9vf2-8c9q-q94f

Published

Last updated

https://images.chainguard.dev/security/CGA-9vf2-8c9q-q94f

Package

apicurio-registry

RepositoryWolfi

Latest Update

Fixed

Fixed Version

3.0.6-r1

Aliases

Severity

Unknown

References

Updates

Status

Fixed

Fixed version

3.0.6-r1

Status

Pending upstream fix

Impact

apicurio-registry, depends on 'quarkus', which in turn depends on 'quarkus-http', affected by this CVE. This is addressed in 'quarkus-http' v5.3.4, but the 'quarkus' version used by this project, depends on 'quarkus-http v5.3.2'. Attempts to upgrade quarkus resulted in build errors. The project has noted caveats when bumping quarkus in the code base. Waiting for upstream to address in a future release.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal