DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CGA-j4gc-27jf-6rh8

Published

Last updated

https://images.chainguard.dev/security/CGA-j4gc-27jf-6rh8
Package

rancher-agent-2.9

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-41110
  • GHSA-v23v-6jw2-98fq

Severity

9.9

Critical

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-41110
  • https://github.com/advisories/GHSA-v23v-6jw2-98fq

Updates

Status

Pending upstream fix

Impact

Rancher pins this older version of Docker in the project’s replace block of the go.mod file despite a newer major version being defined in the requires block. This is intentional as there have been minor version changes within the v20.x.x pinned dependency while the more recent version defined in the requires block has jumped major versions throughout time. Upgrading the docker version in the replaces block and the relevant dependencies causes build breaking failures which shows code changes are required. This will require upstream to implement a fix.

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal