/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-f7fh-p27q-6wp5

Published

Last updated

https://images.chainguard.dev/security/CGA-f7fh-p27q-6wp5
Package

difftastic

RepositoryWolfi
Latest Update
Pending upstream fix
Aliases
  • GHSA-g23h-7vf9-xc25

Severity

Unknown

References

  • https://github.com/advisories/GHSA-g23h-7vf9-xc25

Updates

Status

Pending upstream fix

Impact

This vulnerability relates to the 'mimalloc' dependency. A fixed version exists, v0.1.39 or later. The fixed version of mimalloc, also requires a later version of 'libmimalloc-sys'. This project has a hard dependency on an older version of libmimalloc-sys, and has intentionally locked to v0.1.24. For more information:

  • https://github.com/Wilfred/difftastic/blob/b3606fc219ed54c4da56cd97c3065c42b3cdb336/Cargo.toml#L50-L51

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing