CGA-m575-v4qc-r48r

Published

Last updated

https://images.chainguard.dev/security/CGA-m575-v4qc-r48r

Package

gitlab-cng-fips-18.2

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

Severity

6.1

Medium

CVSS V3

References

Updates

Status

Pending upstream fix

Impact

The urllib3 dependency at version 1.26.20 contains a vulnerability that is fixed in 2.5. This is a transitive dependency brought in by awscli<2 through botocore and cannot be directly overridden(urllib3<1.27,>=1.25.4 (from botocore==1.40.28->awscli<2)). Resolution requires:

Upstream AWS CLI/Botocore need to update urllib3 to version 2.5+

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal