CGA-f7fh-p27q-6wp5

Published

Last updated

https://images.chainguard.dev/security/CGA-f7fh-p27q-6wp5

Package

difftastic

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

GHSA-g23h-7vf9-xc25

Severity

Unknown

References

https://github.com/advisories/GHSA-g23h-7vf9-xc25

Updates

Status

Pending upstream fix

Impact

This vulnerability relates to the 'mimalloc' dependency. A fixed version exists, v0.1.39 or later. The fixed version of mimalloc, also requires a later version of 'libmimalloc-sys'. This project has a hard dependency on an older version of libmimalloc-sys, and has intentionally locked to v0.1.24. For more information:

https://github.com/Wilfred/difftastic/blob/b3606fc219ed54c4da56cd97c3065c42b3cdb336/Cargo.toml#L50-L51

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal