What happened:
Grype suggested that the certifi component could be fixed by upgrading to the same version number.
Here is the output of Grype, note the Installed and Fixed-In columns:
```
NAME     INSTALLED   FIXED-IN    TYPE    VULNERABILITY        SEVERITY
busybox  1.35.0                  binary  CVE-2022-28391       High
busybox  1.35.0                  binary  CVE-2022-30065       High
certifi  2022.12.7   2022.12.07  python  GHSA-43fp-rhv2-5gv8  Medium
git      2.38.4-r1               apk     CVE-2022-41953       High
git      2.38.4-r1               apk     CVE-2023-22743       High
pip      23.0.1                  python  CVE-2018-20225       High
py3-pip  22.3.1-r1               apk     CVE-2018-20225       High
python   3.10.10                 binary  CVE-2007-4559        Medium
python   3.10.10                 binary  CVE-2023-24329       High
python3  3.10.10-r0              apk     CVE-2007-4559        Medium
python3  3.10.10-r0              apk     CVE-2023-24329       High
```
What you expected to happen:
The Fixed-In column should not be populated if we're already using the latest version of the component.
How to reproduce it (as minimally and precisely as possible):
Without providing the SBOM to scan with, this can be reproduced by scanning a container which utilises the certifi component, version 2022.12.7.
Anything else we need to know?:
I don't think so. But do ask if you need anything extra.
Environment:
Grype V0.60.0
As noted in Slack, the reason for this appears to be the difference in the versions: 2022.12.7 and 2022.12.07 (note the .7 vs .07). We should be able to handle this type of thing.
This ends up being a duplicate of #1034 (sorry, I wasn't sure on Slack). Since this is the same package, I'm going to close it for now. @ChrisHolman, thank you very much for reporting it!
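The `.7` vs `.07` mismatch discussed above, as an added example (not Grype's code, and not part of the original thread): comparing release segments as integers makes `2022.12.7` and `2022.12.07` equal, so the installed package is not flagged against that fixed-in version. The function names `parseRelease` and `isAffected` are hypothetical, and the sketch assumes purely numeric dotted versions with no pre-release or epoch parts.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseRelease turns a dotted numeric version such as "2022.12.07" into
// integers, so a zero-padded segment ("07") equals its unpadded form ("7").
func parseRelease(v string) ([]int, error) {
	var out []int
	for _, p := range strings.Split(strings.TrimSpace(v), ".") {
		n, err := strconv.Atoi(p)
		if err != nil || p[0] == '+' || p[0] == '-' {
			return nil, fmt.Errorf("unsupported segment %q in %q", p, v)
		}
		out = append(out, n)
	}
	return out, nil
}

// isAffected reports whether installed is strictly older than fixedIn.
// Missing trailing segments count as 0 ("1.2" equals "1.2.0").
func isAffected(installed, fixedIn string) (bool, error) {
	a, errA := parseRelease(installed)
	b, errB := parseRelease(fixedIn)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("unparseable version: %v %v", errA, errB)
	}
	for i := 0; i < len(a) || i < len(b); i++ {
		x, y := 0, 0
		if i < len(a) {
			x = a[i]
		}
		if i < len(b) {
			y = b[i]
		}
		if x != y {
			return x < y, nil
		}
	}
	return false, nil // equal releases: already at the fixed version
}

func main() {
	// Values from the report above: installed 2022.12.7, fixed-in 2022.12.07.
	fmt.Println(isAffected("2022.12.7", "2022.12.07"))
}
```

Returning an error for a segment that is not a plain integer keeps an unparseable version from being silently treated as either affected or fixed.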