DirectorySecurity AdvisoriesPricing
/
Sign in
Security Advisories

CGA-rh6r-pgx2-378c

Published

Last updated

https://images.chainguard.dev/security/CGA-rh6r-pgx2-378c
Package

airflow-3

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2025-34351
  • GHSA-gx77-xgc2-4888

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-34351
  • https://github.com/advisories/GHSA-gx77-xgc2-4888

Updates

Status

Not affected

Justification

Vulnerable code not present

Impact

NVD notes that this CVE has been rejected as a result of upstream contesting the findings (https://nvd.nist.gov/vuln/detail/CVE-2025-34351). They also note that it's considered a duplicate of CVE-2023-48022 which was also disputed

Status

Pending upstream fix

Impact

This vulnerability affects the Ray Python module. Updating Ray beyond version 2.47 currently violates Airflow’s dependency constraints. To address the issue, the upstream project will need to update its dependencies and version requirements, and upgrade Ray to version 2.52. See upstream issue: https://github.com/apache/airflow/issues/52550

Status

Under investigation

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0Golden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogPartnersNewsroomCareersLegal