CVE-2024-55565 Affecting vitess-20.0 package, versions <20.0.4-r3


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CHAINGUARDLATEST-VITESS200-8548076
  • published22 Dec 2024
  • disclosed9 Dec 2024

Introduced: 9 Dec 2024

NewCVE-2024-55565  (opens in a new tab)

How to fix?

Upgrade Chainguard vitess-20.0 to version 20.0.4-r3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream vitess-20.0 package and not the vitess-20.0 package as distributed by Chainguard. See How to fix? for Chainguard relevant fixed versions and status.

nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.

CVSS Scores

version 3.1