CGA-hmgx-fgmf-3549

Published

Last updated

https://images.chainguard.dev/security/CGA-hmgx-fgmf-3549

Package

spark-3.4

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2024-25638
GHSA-cfxw-4h78-h7fw

Severity

8.9

High

CVSS V3

References

https://nvd.nist.gov/vuln/detail/CVE-2024-25638
https://github.com/advisories/GHSA-cfxw-4h78-h7fw

Updates

Status

Fix not planned

Impact

Spark 3.4 has reached end of life (EOL), and new images are no longer being built. We strongly recommend upgrading to Spark 3.5 to ensure continued support and access to the latest updates.

Status

Pending upstream fix

Impact

The upstream fix is pending due to transitive shared dependency jars, which include a reference to (or the actual) offending version.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CGA-hmgx-fgmf-3549

Severity

References

Updates

The trusted source for open source

Product

Solutions

Customers

Resources

Company