Bug
Resolution: Unresolved
Major
clair-4.7.2
Description:
This issue was found in Quay 3.10.3: when an image that contains various Ruby vulnerabilities is pushed to Quay, Quay can't report the Ruby vulnerabilities. Please review this issue.
Quay: 3.10.3
Clair: clairctl version v4.7.2 (user) (claircore v1.5.19)
The following Ruby vulnerabilities exist in the test image:
- https://access.redhat.com/security/cve/cve-2022-28739
- https://access.redhat.com/security/cve/CVE-2021-41819
- https://access.redhat.com/security/cve/CVE-2021-41817
Quay 3.10.3
grype redmine:4.2.1 --scope all-layers | grep ruby
✔ Vulnerability DB [no update available]
✔ Loaded image redmine:4.2.1
✔ Parsed image sha256:15e4b31ef3849045f66d5846fad154cbaf41e73cd54c0a5afcf7bed7817d16a5
✔ Cataloged contents aa362bed7cfa23b57250d84d412e443f5898ad8c84b5e1040347e01e8d0c6bd4
├── ✔ Packages [346 packages]
├── ✔ File digests [8,959 files]
└── ✔ File metadata [8,959 locations]
✔ Scanned for vulnerabilities [1918 vulnerability matches]
├── by severity: 69 critical, 556 high, 737 medium, 174 low, 366 negligible (16 unknown)
└── by status: 1239 fixed, 679 not-fixed, 0 ignored
ruby 2.7.4p191 binary CVE-2022-28739 High
ruby 2.7.4p191 binary CVE-2021-41819 High
ruby 2.7.4p191 binary CVE-2021-41817 High
ruby 2.7.4p191 binary CVE-2021-33621 High
ruby 2.7.4p191 binary CVE-2023-28756 Medium