CGA-jpfc-8c65-c98p

Published

Last updated

https://images.chainguard.dev/security/CGA-jpfc-8c65-c98p

Package

apache-nifi

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

CVE-2020-36843
GHSA-p53j-g8pw-4w5f

Severity

Unknown

References

https://nvd.nist.gov/vuln/detail/CVE-2020-36843
https://github.com/advisories/GHSA-p53j-g8pw-4w5f

Updates

Status

Pending upstream fix

Impact

net.i2p.crypto.eddsa 0.3.0 is a transitive dependency via com.hierynomus.sshj. https://github.com/hierynomus/sshj/issues/992 will need to be resolved and the fix integrated into a new apache-nifi release

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-jpfc-8c65-c98p

Severity

References

Updates

Product

Solutions

Customers

Resources

Company