/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-j784-wjvq-vcf3

Published

Last updated

https://images.chainguard.dev/security/CGA-j784-wjvq-vcf3
Package

flux-source-controller-2.0

Repository

Chainguard

Latest Update
Fix not planned
Aliases
  • CVE-2023-49569
  • GHSA-449p-3h89-pw88

Severity

9.8

Critical

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2023-49569
  • https://github.com/advisories/GHSA-449p-3h89-pw88

Updates

Status

Fix not planned

Impact

Upstream requires an old and specific version of go-git v5.7.1 and has an indirect dependency to a go-git fork of fluxcd in github.com/fluxcd/go-git/v5@v5.0.0 which requires multiple changes to those fluxcd dependencies in order to fix it.

Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal