/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-h43j-7pcv-c7x3

Published

Last updated

https://images.chainguard.dev/security/CGA-h43j-7pcv-c7x3
Package

neo4j

RepositoryWolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2024-6763
  • GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6763
  • https://github.com/advisories/GHSA-qh8g-58pp-2wxh

Updates

Status

Pending upstream fix

Impact

This vulnerability relates to the 'jetty-http' dependency, which is fixed in v12.0.12 and later. Unfortunately, we are not able to remediate this CVE, as bumping this dependency version results in build failures. Specifically, there are version conflicts between the various jetty dependencies. Attempting to bump the related dependencies to the same version, results in different build issues. Another component: 'jetty-servlet', has also been relocated to a new location in maven central: https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlet. This requires additional code changes. All attempts were made to chain up the required changes, but to no avail. Pending fix from upstream.

Status

Under investigation

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal