Security Advisories

CGA-w8m5-m487-94w6

Published

Last updated

https://images.chainguard.dev/security/CGA-w8m5-m487-94w6
Package

apache-pulsar

Repository

Wolfi
Latest Update
Pending upstream fix
Aliases
  • CVE-2024-6763
  • GHSA-qh8g-58pp-2wxh

Severity

5.3

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2024-6763

Updates

Status

Pending upstream fix

Impact

The Jetty project has backported a patch with a fix for CVE-2024-6763 to versions 9, 10 and 11 but has not yet generated releases. Upstream apache-pulsar will have to pull in the updates once they become available.

Status

Under investigation

Status

Fixed

Fixed version

4.0.3-r0

Status

Under investigation

Status

Fixed

Fixed version

4.0.3-r0

Status

Pending upstream fix

Impact

Attempting to patch this CVE leads to build failures; remediation will require an update from upstream maintainers.

Status

Pending upstream fix

Impact

The fixed version of jetty-http is >=12.0.12, which requires a large refactor; there is an issue tracking the effort: https://github.com/apache/pulsar/issues/22939

Status

Under investigation

