vitess-19.0
Chainguard
Status
Justification
Impact
This vulnerability detection relates to the parent package (vitess) and is fixed in v0.19.8. The vitess project creates multiple release tags in GitHub for each release, for example v0.19.8 and v19.0.8. Vitess uses v19.0.8 for the image/product version, but uses v0.19.8 for the published Go binary. There are no code differences between these release tags: https://github.com/vitessio/vitess/compare/v0.19.8...v19.0.8. The GitHub Advisory Database favors the version used by the published Go binary: https://github.com/advisories/GHSA-7mwh-q3xm-qh6p. Upstream has also confirmed this in the following issue: https://github.com/vitessio/vitess/issues/17547.