Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: clair-4.7.3
Affects Version/s: clair-4.7.2
Component/s: clair
Labels:
- acs-clair
- triaged

Story Points:
1
Blocked:
False
Blocked Reason:
None
Ready:
False
Git Pull Request:
https://github.com/quay/claircore/pull/1213
Intelligence Requested:
Market:

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

For example quay.io/

The scanner binary depends on golang.org/x/net@v0.14.0 which is definitely susceptible to https://osv.dev/vulnerability/GHSA-4374-p667-p6c8

The issue is likely due to Claircore's handling of OSV SEMVER ecosystems when Introduced is 0.

relates to

PROJQUAY-6618 Quay 3.10.2 can't scan and report all vulnerability of Golang Packages

Closed

Assignee:: Ross Tannenbaum

Reporter:: Ross Tannenbaum

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/01/23 6:46 PM

Updated:: 2024/01/26 9:24 PM

Resolved:: 2024/01/26 9:24 PM