/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-jjwx-mh6g-mqmq

Published

Last updated

https://images.chainguard.dev/security/CGA-jjwx-mh6g-mqmq
Package

neo4j-4.4

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2024-6763
  • GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6763

Updates

Status

Pending upstream fix

Impact

The upstream project uses a variable called jetty.version in their pom.xml where they use for all the other jetty dependencies so to be able to fix the CVE we should bump the jetty.version to 12.0.12 but when we do that the project compilation fails with an error "Could not find artifact org.eclipse.jetty.websocket:websocket-client:jar:12.0.12 in central"

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing