CGA-gf7w-xx6p-76mv

Published

Last updated

https://images.chainguard.dev/security/CGA-gf7w-xx6p-76mv

Package

kubeflow-fips

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

GHSA-74fp-r6jw-h4mp

Severity

Unknown

References

https://github.com/advisories/GHSA-74fp-r6jw-h4mp

Updates

Status

Pending upstream fix

Impact

Upstream has pinned these dependency versions and will require functional changes from upstream maintainers to upgrade. The k8s.io/apimachinery dependency is intentionally pinned to a 2019 commit via replace directives to maintain compatibility with Kubeflow's custom role system.

Status

Affected

Impact

Govulncheck found vulnerable symbols in Go binaries at the following locations: in kubeflow-access-management-fips-1.10.0-r2.apk, at usr/bin/access-management, usr/bin/access-management.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal