CGA-f3jr-397v-cw8h

Published

Last updated

https://images.chainguard.dev/security/CGA-f3jr-397v-cw8h

Package

celeborn-0.6

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

CVE-2024-6763
GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

https://nvd.nist.gov/vuln/detail/CVE-2024-6763
https://github.com/advisories/GHSA-qh8g-58pp-2wxh

Updates

Status

Pending upstream fix

Impact

jetty-http is used directly by celeborn and is also brought in by hadoop. jetty 9 is EOL and upstream maintainers need to transition to jetty 12 to receive CVE fixes. See https://github.com/jetty/jetty.project/issues/12783.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-f3jr-397v-cw8h

Severity

References

Updates

Product

Solutions

Customers

Resources

Company