CGA-h8rp-v97v-qq43

Published

Last updated

https://images.chainguard.dev/security/CGA-h8rp-v97v-qq43

Package

gitlab-ee-fips-17.3

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

Severity

5.5

Medium

CVSS V3

References

Updates

Status

Pending upstream fix

Impact

Currently there is no fix implemented for the CVE regarding github.com/disintegration/imaging v1.6.2, there is an open PR upstream that can be found here addressing this issue: https://github.com/disintegration/imaging/issues/165

Status

Under investigation

Status

Fixed

Fixed version

17.3.7-r0

Status

Pending upstream fix

Impact

This vulnerability relates to the GitLab dependency: 'disintegration/imaging'. At the time of writing, this package is already consuming the latest version: v1.6.2. This vulnerability is noted as disputed, but the reasoning is not clear if this is accurate. There are also links to (still open) GH issues associated with triggering the finding. Marking as pending-upstream-fix, as it's not clear if this is a false positive. For more information, please see:

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal