/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-hrg2-wjgc-6rfg

Published

Last updated

https://images.chainguard.dev/security/CGA-hrg2-wjgc-6rfg
Package

spark-3.4

Repository

Chainguard

Latest Update
Fix not planned
Aliases
  • CVE-2024-7254
  • GHSA-735f-pc8j-v9w8

Severity

7.5

High

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-7254
  • https://github.com/advisories/GHSA-735f-pc8j-v9w8

Updates

Status

Fix not planned

Impact

Spark 3.4 has reached end of life (EOL), and new images are no longer being built. We strongly recommend upgrading to Spark 3.5 to ensure continued support and access to the latest updates.

Status

Pending upstream fix

Impact

This protobuf-java 3.21.12 dependency that exists in the spark-3.5 package and related subpackages are brought in as transitive dependencies from hadoop-client-runtime-3.3.6.jar. This dependency is not able to be upgraded to a higher version and requires upstream maintainers to implement.

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal