Security Advisories

CGA-r9mv-rv77-836x

Published

Last updated

https://images.chainguard.dev/security/CGA-r9mv-rv77-836x
Package

neo4j-5.26

Repository

Wolfi

Latest Update
Fixed
Fixed Version

5.26.2-r0

Aliases
  • CVE-2024-6763
  • GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6763

Updates

Status

Fixed

Fixed version

5.26.2-r0

Status

Pending upstream fix

Impact

This vulnerability relates to the 'jetty-http' dependency, which is fixed in v12.0.12 and later. Unfortunately, we are not able to remediate this CVE, because bumping this dependency version results in build failures. Specifically, there are version conflicts between the various jetty dependencies, and attempting to bump the related dependencies to the same version results in different build issues. Another component, 'jetty-servlet', has also been relocated to a new location in Maven Central: https://mvnrepository.com/artifact/org.eclipse.jetty/jetty-servlet. This requires additional code changes. All attempts were made to chain up the required changes, but to no avail. Pending fix from upstream.

Status

Under investigation

