chartmuseum icon indicating copy to clipboard operation
chartmuseum copied to clipboard
verified publisher icon helm

Vulnerability CVE-2024-41110

Open haarvester opened this issue 1 year ago • 2 comments

Message: 'Critical vulnerability detected: CVE-2024-41110 Score: 9.9 in helm/chartmuseum'

The library github.com/docker/docker version: v23.0.3+incompatible was detected and is vulnerable to https://github.com/advisories/GHSA-v23v-6jw2-98fq, which exists in versions >= 24.0.0, < 26.1.4.

Can you please release a new version to fix this high severity security issue? Thank you

haarvester avatar Aug 04 '24 07:08 haarvester

I met the same issue and blocked by vulnerabilities scan. Anyone can help to release new version for this critical issue?

jnac1984 avatar Oct 09 '24 11:10 jnac1984

our dependabot will be broken due to upgrade , I will do this manually.

https://github.com/helm/chartmuseum/pull/786

scbizu avatar Oct 23 '24 07:10 scbizu

The latest canary fixes this .

scbizu avatar Mar 11 '25 05:03 scbizu