Bug
Resolution: Unresolved
Major
clair-4.7.2
Description:
This is an issue found in Quay 3.10.3. After pushing an image with various Java vulnerabilities and after Clair scanned the image, I checked the vulnerabilities on the Quay console and found that it can't display the Severity. The following is an example:
https://github.com/advisories/GHSA-j65f-mvgw-prp2
Quay: 3.10.3
Clair: 4.7.2
Quay 3.10.3 reports a High Java vulnerability as Unknown:
OpenJPA High Vulnerability:
All Java Vulnerabilities of this image:
grype vulhub/weblogic --scope all-layers | grep java
✔ Vulnerability DB [no update available]
✔ Loaded image vulhub/weblogic:latest
✔ Parsed image sha256:7d35c6cd3bcd01f81cbce7dd936d12bfafa24f1ec6741be4d8fdbde02b6f4241
✔ Cataloged contents e4c2fc722614cd4215a980c0c35850c40b1e1558cd829287ffbf18f9db7e0db5
├── ✔ Packages [2,177 packages]
├── ✔ File digests [9,120 files]
└── ✔ File metadata [9,120 locations]
✔ Scanned for vulnerabilities [632 vulnerability matches]
├── by severity: 39 critical, 96 high, 186 medium, 226 low, 85 negligible
└── by status: 397 fixed, 235 not-fixed, 0 ignored
ant 1.7.1 1.10.9 java-archive GHSA-f62v-xpxf-3v68 High
ant 1.7.1 1.9.16 java-archive GHSA-q5r4-cfpx-h6fh Medium
ant 1.7.1 1.9.16 java-archive GHSA-5v34-g2px-j4fw Medium
ant 1.7.1 1.9.15 java-archive GHSA-4p6w-m9wc-c9c9 Medium
commons-collections 3.1 3.2.2 java-archive GHSA-fjq5-5j5f-mvxh Critical
commons-collections 3.1 3.2.2 java-archive GHSA-6hgm-866r-3cjv High
commons-fileupload 1.0 1.3.3 java-archive GHSA-7x9j-7223-rg5m Critical
commons-fileupload 1.0 1.3.1 java-archive GHSA-xx68-jfcg-xmmf High
commons-fileupload 1.0 1.3.1 java-archive GHSA-qx6h-9567-5fqw High
commons-fileupload 1.0 1.5 java-archive GHSA-hfrx-6qgj-fp6c High
commons-fileupload 1.0 1.3.2 java-archive GHSA-fvm3-cfvj-gxqq High
commons-fileupload 1.0 1.2.2 java-archive GHSA-vm69-474v-7q2w Low
commons-fileupload 1.1.1 1.3.3 java-archive GHSA-7x9j-7223-rg5m Critical
commons-fileupload 1.1.1 1.3.1 java-archive GHSA-xx68-jfcg-xmmf High
commons-fileupload 1.1.1 1.3.1 java-archive GHSA-qx6h-9567-5fqw High
commons-fileupload 1.1.1 1.5 java-archive GHSA-hfrx-6qgj-fp6c High
commons-fileupload 1.1.1 1.3.2 java-archive GHSA-fvm3-cfvj-gxqq High
commons-fileupload 1.1.1 1.2.2 java-archive GHSA-vm69-474v-7q2w Low
commons-fileupload 1.2.1 1.3.3 java-archive GHSA-7x9j-7223-rg5m Critical
commons-fileupload 1.2.1 1.3.1 java-archive GHSA-xx68-jfcg-xmmf High
commons-fileupload 1.2.1 1.3.1 java-archive GHSA-qx6h-9567-5fqw High
commons-fileupload 1.2.1 1.5 java-archive GHSA-hfrx-6qgj-fp6c High
commons-fileupload 1.2.1 1.3.2 java-archive GHSA-fvm3-cfvj-gxqq High
commons-fileupload 1.2.1 1.2.2 java-archive GHSA-vm69-474v-7q2w Low
commons-io 1.1 2.7 java-archive GHSA-gwrp-pvrq-jmwv Medium
jdom 1.0 java-archive GHSA-2363-cqg2-863c High
jettison 1.1 1.5.2 java-archive GHSA-x27m-9w8j-5vcw High
jettison 1.1 1.5.4 java-archive GHSA-q6g2-g7f3-rr83 High
jettison 1.1 1.5.2 java-archive GHSA-grr4-wv38-f68w High
jettison 1.1 1.5.2 java-archive GHSA-7rf3-mqpx-h7xg High
jettison 1.1 1.5.1 java-archive GHSA-56h3-78gp-v83r Medium
log4j 1.2.13 java-archive GHSA-f7vh-qwp3-x37m Critical
log4j 1.2.13 java-archive GHSA-65fg-84f6-3jq3 Critical
log4j 1.2.13 java-archive GHSA-2qrg-x229-3v8q Critical
log4j 1.2.13 java-archive GHSA-w9p3-5cr8-m3jj High
log4j 1.2.13 java-archive GHSA-fp5r-v3w9-4333 High
log4j 1.2.15 java-archive GHSA-f7vh-qwp3-x37m Critical
log4j 1.2.15 java-archive GHSA-65fg-84f6-3jq3 Critical
log4j 1.2.15 java-archive GHSA-2qrg-x229-3v8q Critical
log4j 1.2.15 java-archive GHSA-w9p3-5cr8-m3jj High
log4j 1.2.15 java-archive GHSA-fp5r-v3w9-4333 High
log4j 1.2.8 java-archive GHSA-f7vh-qwp3-x37m Critical
log4j 1.2.8 java-archive GHSA-65fg-84f6-3jq3 Critical
log4j 1.2.8 java-archive GHSA-2qrg-x229-3v8q Critical
log4j 1.2.8 java-archive GHSA-w9p3-5cr8-m3jj High
log4j 1.2.8 java-archive GHSA-fp5r-v3w9-4333 High
myfaces-impl 1.1.7 1.1.8 java-archive GHSA-4fv4-cq5v-x45m Medium
openjpa 1.1.1-SNAPSHOT 1.2.3 java-archive GHSA-j65f-mvgw-prp2 High
soap 1.3.0.0 java-archive GHSA-789v-h9hw-38pg Critical
soap 1.3.1.0 java-archive GHSA-789v-h9hw-38pg Critical
spring 2.5.5 2.5.7 java-archive GHSA-vpr3-f594-mg5g Medium
spring-webmvc 2.5.5 5.2.20.RELEASE java-archive GHSA-36p3-wjmg-h94x Critical
spring-webmvc 2.5.5 3.2.18 java-archive GHSA-2m8h-fgr8-2q9w High
spring-webmvc 2.5.5 3.2.8 java-archive GHSA-8cmm-qj8g-fcp6 Medium
struts 1.2.9 java-archive GHSA-vf8g-mpmw-qv87 High
struts 1.2.9 java-archive GHSA-7qwv-cwgj-c8rj High
struts 1.2.9 java-archive GHSA-p3vw-fvwx-qcv5 Low
struts-core 1.3.9 java-archive GHSA-cvvx-r33m-v7pq High
struts-core 1.3.9 java-archive GHSA-7jw3-5q4w-89qg High
struts-core 1.3.9 java-archive GHSA-5ggr-mpgw-3mgx High
velocity 1.4 java-archive GHSA-59j4-wjwp-mw9m High
xalan 2.7.0 2.7.2 java-archive GHSA-rc2w-r4jq-7pfx High
xalan 2.7.0 2.7.3 java-archive GHSA-9339-86wc-4qgf High
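
One way to list every advisory affected by this symptom is to cross-check the grype rows above against a Clair vulnerability report. This is an added example, not part of the original report or of Quay/Clair; it assumes the Clair v4 report JSON carries "name" and "normalized_severity" per vulnerability, and the Clair sample below is constructed.

```python
SEVERITIES = {"Critical", "High", "Medium", "Low", "Negligible", "Unknown"}

def parse_grype_rows(text):
    """Map advisory id -> severity from grype table rows.

    Rows have 6 fields, or 5 when the fixed-in column is empty (jdom, log4j),
    so the advisory id and severity are read from the right-hand end.
    """
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[-1] not in SEVERITIES:
            continue  # progress and summary lines are skipped
        found[fields[-2]] = fields[-1]
    return found

def unknown_in_clair(grype_text, clair_report):
    """Return (advisory, grype severity) pairs that Clair leaves as Unknown."""
    grype = parse_grype_rows(grype_text)
    mismatches = []
    for vuln in clair_report.get("vulnerabilities", {}).values():
        name = vuln.get("name", "")
        clair_sev = vuln.get("normalized_severity") or "Unknown"
        grype_sev = grype.get(name)
        if clair_sev == "Unknown" and grype_sev not in (None, "Unknown"):
            mismatches.append((name, grype_sev))
    return sorted(mismatches)

# Three rows and one summary line copied from the grype output above.
SAMPLE_GRYPE = """\
 by status: 397 fixed, 235 not-fixed, 0 ignored
ant 1.7.1 1.10.9 java-archive GHSA-f62v-xpxf-3v68 High
jdom 1.0 java-archive GHSA-2363-cqg2-863c High
openjpa 1.1.1-SNAPSHOT 1.2.3 java-archive GHSA-j65f-mvgw-prp2 High
"""

# Constructed Clair report fragment (assumed field names, illustrative values).
SAMPLE_CLAIR = {
    "vulnerabilities": {
        "1": {"name": "GHSA-j65f-mvgw-prp2", "normalized_severity": "Unknown"},
        "2": {"name": "GHSA-2363-cqg2-863c", "normalized_severity": "High"},
        "3": {"name": "GHSA-f62v-xpxf-3v68", "normalized_severity": ""},
    }
}

if __name__ == "__main__":
    for advisory, severity in unknown_in_clair(SAMPLE_GRYPE, SAMPLE_CLAIR):
        print(f"{advisory}: grype={severity} clair=Unknown")
```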