/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-gw4p-9jfp-gj8x

Published

Last updated

https://images.chainguard.dev/security/CGA-gw4p-9jfp-gj8x
Package

kserve

RepositoryWolfi
Latest Update
Fixed
Fixed Version

0.14.0-r0

Aliases
  • CVE-2024-47554
  • GHSA-78wr-2p64-hpwj

Severity

4.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-47554
  • https://github.com/advisories/GHSA-78wr-2p64-hpwj

Updates

Status

Fixed

Fixed version

0.14.0-r0

Status

Pending upstream fix

Impact

The commons-io:commons-io:2.7.0 dependency is transitive from a direct dependency on the python package ray. To fix this vulnerability, we'd require ray to upgrade to commons-io:commons-io:2.14.0 (there is currently no released version of ray with that fix) and we'd have to upgrade the version of ray used in kserve to that fixed version.

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal