CGA-r3xv-hphj-6vc6

Published

Last updated

https://images.chainguard.dev/security/CGA-r3xv-hphj-6vc6

Package

docker-selenium

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

Severity

7.5

High

CVSS CVSS_V3

References

Updates

Status

Pending upstream fix

Impact

The netty-codec-http2 vulnerability comes from the selenium-server dependency. Docker-selenium is a collection of Docker images and scripts that packages selenium-server, not a Maven/Bazel project itself. The fix needs to be applied in the selenium package first, which will then flow through to docker-selenium when it's updated to use the fixed selenium-server version.

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal