CGA-vrgv-4xpj-jgvj

Published

Last updated

https://images.chainguard.dev/security/CGA-vrgv-4xpj-jgvj

Package

trino

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

Severity

9.1

Critical

CVSS CVSS_V3

References

Updates

Status

Pending upstream fix

Impact

The upstream project relies on a number of "shaded JARs", making it harder to update dependencies. The upstream project will need to migrate away from "alluxio-shaded-client-2.9.3.jar" for this vulnerability to be resolved.

Status

Affected

Impact

We have determined that the offending java class is included in the package via the JAR "alluxio-shaded-client-2.9.3.jar". This vulnerability only affects the Zookeeper server, which is likely not used by the package, but the exact impact is unknown.

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal