CGA-hvxh-5gg5-23rf

Published

Last updated

https://images.chainguard.dev/security/CGA-hvxh-5gg5-23rf

Package

cassandra-reaper-jre-bcfips

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

Severity

5.3

Medium

CVSS V3

References

Updates

Status

Pending upstream fix

Impact

To fix the CVE we should bump the 'jetty-server' dependency to '9.4.51.v20230217' or higher, to do that, we should bump the 'dropwizard-core' version to 2.1 or higher this is because 'amqp-client' is one of the dependencies of the 'dropwizard-core' but we cannot do that because the project does not work due to this error 'java.lang.NoSuchMethodError: void org.glassfish.jersey.server.ServerExecutorProvidersConfigurator.registerExecutors(org.glassfish.jersey.internal.inject.InjectionManager, org.glassfish.jersey.model.internal.ComponentBag, org.glassfish.jersey.spi.ExecutorServiceProvider, org.glassfish.jersey.spi.ScheduledExecutorServiceProvider)'. There is an issue already created for raising an awareness about this CVE : https://github.com/thelastpickle/cassandra-reaper/issues/1462

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal