/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-pggr-w7gc-5r3m

Published

Last updated

https://images.chainguard.dev/security/CGA-pggr-w7gc-5r3m
Package

aws-efs-csi-driver

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2024-9042
  • GHSA-vv39-3w5q-974q

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9042

Updates

Status

Not affected

Justification

Vulnerable code cannot be controlled by adversary

Impact

This vulnerability affects versions <= v1.29.12. This vulnerability is limited to Windows hosts.

Status

Fixed

Fixed version

2.1.7-r0

Status

Pending upstream fix

Impact

To remediate this CVE the code requires upgrading Kubernetes dependencies to v1.29.13 or later, but doing that the build fails due to missing feature flags (genericfeatures.StructuredAuthorizationConfiguration and genericfeatures.ZeroLimitedNominalConcurrencyShares) that were removed in later versions. The package currently depends on k8s.io/kubernetes v1.28.15. This requires upstream changes to support newer Kubernetes API versions and feature gates.

Status

Under investigation


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing