/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-h2g5-588j-rp8q

Published

Last updated

https://images.chainguard.dev/security/CGA-h2g5-588j-rp8q
Package

gitlab-rails-ee-17.4

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • GHSA-vcc3-rw6f-jv97

Severity

Unknown

References

  • https://github.com/advisories/GHSA-vcc3-rw6f-jv97

Updates

Status

Pending upstream fix

Impact

This vulnerability relates to the GitLab dependency: 'nokogiri', which appears to be addressed in v1.16.2. GitLab advises that maintainers should NOT upgrade dependency versions manually, as their automation would have already applied this in cases of simple version increments. If a dependency version has not yet been upgraded, there is usually a good reason. Additionally, past attempts to upgrade GitLab dependencies ahead of the upstream release have resulted in build issues. Deferring to upstream (GitLab) to address this CVE in a subsequent update. See: https://docs.gitlab.com/ee/development/dependencies.html.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing