What happened:
Scan on an image that has python3-rsa-3.4.2-150000.3.7.1.noarch installed.
It generates a high vulnerability:
What you expected to happen:
In the SLES 15.5 context, this CVE has been fixed from version python3-rsa >= 3.4.2-3.4.1
SUSE Linux Enterprise Server 15 SP5
python3-rsa >= 3.4.2-3.4.1
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 SP5 GA python-rsa-3.4.2-150000.3.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP5 GA python3-rsa-3.4.2-150000.3.7.1
The installed version is python3-rsa-3.4.2-150000.3.7.1.noarch, which meets the SLES 15.5 requirement.
Grype may not look into that level and therefore generates a false positive.
How to reproduce it (as minimally and precisely as possible):
1) Create the Dockerfile with this content:
FROM registry.suse.com/suse/sle15:15.5
RUN zypper in -y --no-recommends python3-rsa=3.4.2-150000.3.7.1
ENTRYPOINT [""]
CMD ["bash"]
2) Build an image from the Dockerfile
docker build . -t "suse15.5_test:v1"
3) Test with Grype now
grype --distro sles15.5 suse15.5_test:v1
NAME  INSTALLED  FIXED-IN  TYPE    VULNERABILITY        SEVERITY
rsa   3.4.2      4.1       python  GHSA-537h-rv9q-vvph  High
Anything else we need to know?:
Environment:
$ grype --version
grype 0.76.0
Container Eco-system:
bash-4.4$ cat /etc/release
NAME="SLES"
VERSION="15-SP5"
VERSION_ID="15.5"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp5"
DOCUMENTATION_URL="https://documentation.suse.com/"