```text
SUSE Linux Enterprise Server 15 SP5
apache2-mod_wsgi >= 4.7.1-150400.3.3.1
apache2-mod_wsgi-python3 >= 4.5.18-150000.4.6.1
Patchnames:
SUSE Linux Enterprise Module for Public Cloud 15 SP5 GA apache2-mod_wsgi-4.7.1-150400.3.3.1
SUSE Linux Enterprise Module for Server Applications 15 SP5 GA apache2-mod_wsgi-python3-4.5.18-150000.4.6.1
```
Installed version in the container: apache2-mod_wsgi-4.7.1-150400.**3.9.4.**x86_64
sekveaja changed the title from "False positive: GHSA-h4m5-qpfp-3mpv (CVE-2021-42771) in SLES 15.5" to "False positive: GHSA-7527-8855-9cf8 (CVE-2022-2255) apache2-mod_wsgi in SLES 15.5" on Jun 25, 2024
**What happened:**

Scan on an image that has apache2-mod_wsgi-4.7.1-150400.3.9.4.x86_64 installed.
It generates a high vulnerability:

```
$ grype --distro sles:15.5 suse15.5_apache2-mod_wsgi:v1
NAME      INSTALLED  FIXED-IN  TYPE    VULNERABILITY        SEVERITY
mod-wsgi  4.7.1      4.9.3     python  GHSA-7527-8855-9cf8  High
```
JSON format:

```json
"vulnerability": {
  "id": "GHSA-7527-8855-9cf8",
  "dataSource": "GHSA-7527-8855-9cf8",
  "namespace": "github:language:python",
  "severity": "High",
  "urls": [
    "https://github.com/advisories/GHSA-7527-8855-9cf8"
  ],
  "description": "Incorrect header handling in mod-wsgi",
  :
  :
  "relatedVulnerabilities": [
    {
      "id": "CVE-2022-2255",
      "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-2255",
      "namespace": "nvd:cpe",
      "severity": "High",
      "urls": [
        "https://github.com/GrahamDumpleton/mod_wsgi/blob/4.9.2/src/server/mod_wsgi.c#L13940-L13941",
  :
  :
"artifact": {
  "id": "94262fb26b41b74e",
  "name": "mod-wsgi",
  "version": "4.7.1",
  "type": "python",
  "locations": [
    {
      "path": "/usr/lib64/python3.6/site-packages/mod_wsgi-4.7.1-py3.6.egg-info/PKG-INFO",
      "layerID": "sha256:4bfdb8762be5511b925a34075857d0a0ba0849de7f77ab71b52e15e482cc2b86"
```
**What you expected to happen:**

According to the SUSE advisory for CVE-2022-2255 (https://www.suse.com/security/cve/CVE-2022-2255.html), the patch for this CVE is applied from version apache2-mod_wsgi >= 4.7.1-150400.3.3.1.

Installed version in the container: apache2-mod_wsgi-4.7.1-150400.**3.9.4.**x86_64

```
$ rpm -qf /usr/lib64/python3.6/site-packages/mod_wsgi-4.7.1-py3.6.egg-info/PKG-INFO
apache2-mod_wsgi-4.7.1-150400.3.9.4.x86_64
```

Conclusion: the installed version is greater than the minimum patched version from SLES 15.5, but Grype generates a vulnerability.
**How to reproduce it (as minimally and precisely as possible):**

1) Create the Dockerfile with this content:

```dockerfile
FROM registry.suse.com/suse/sle15:15.5
RUN zypper in -y --no-recommends apache2-mod_wsgi=4.7.1-150400.3.9.4
ENTRYPOINT [""]
CMD ["bash"]
```

```
$ docker build -t "suse15.5_apache2-mod_wsgi:v1" .
$ grype --distro sles:15.5 suse15.5_apache2-mod_wsgi:v1
NAME      INSTALLED  FIXED-IN  TYPE    VULNERABILITY        SEVERITY
mod-wsgi  4.7.1      4.9.3     python  GHSA-7527-8855-9cf8  High
```
**Environment:**

```
$ grype --version
grype 0.78.0
```

In container image eco-system:

```
bash-4.4$ cat /etc/release
NAME="SLES"
VERSION="15-SP5"
VERSION_ID="15.5"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp5"
DOCUMENTATION_URL="https://documentation.suse.com/"
```
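The report above hinges on two facts: the flagged file is an egg-info owned by a distro RPM, and rpm's version ordering places the installed release `150400.3.9.4` after the advisory's minimum `150400.3.3.1`. The following triage helper is an added example, not code from the grype project or from the reporter. It ports rpm's `rpmvercmp` segment comparison to Python, and then uses it to decide whether a language-ecosystem match is already covered by a backported RPM fix. `RPM_OWNER` is a constructed stand-in for running `rpm -qf <path>` inside the image, `DISTRO_FIXES` is filled by hand from the SUSE advisory quoted in the report, and `SAMPLE_MATCH` is a trimmed copy of the JSON shown above.

```python
"""Added triage helper (not grype project code): is a grype match against a
language-ecosystem package (here the mod_wsgi egg-info) already covered by
the distro's backported RPM fix?"""
import re


def _alnum(c: str) -> bool:
    return c.isascii() and c.isalnum()


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): returns -1, 0 or 1 like the C function."""
    if a == b:
        return 0
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        # Separators (anything that is not alphanumeric, '~' or '^') are skipped.
        while i < la and not (_alnum(a[i]) or a[i] in "~^"):
            i += 1
        while j < lb and not (_alnum(b[j]) or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":  # tilde sorts before everything, even end-of-string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":  # caret sorts after end-of-string, before other segments
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take a wholly numeric or wholly alphabetic segment from each side.
        pat, isnum = ("[0-9]", True) if ca.isdigit() else ("[A-Za-z]", False)
        sa = re.match(pat + "+", a[i:]).group(0)
        sb = re.match(pat + "*", b[j:]).group(0)
        i, j = i + len(sa), j + len(sb)
        if not sb:  # mismatched types: numeric segments are newer than alpha ones
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # the number with more digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever side has characters left wins


def evrcmp(a: str, b: str) -> int:
    """Compare two '[epoch:]version[-release]' strings the way rpm does."""
    def split(evr: str):
        epoch, rest = evr.split(":", 1) if ":" in evr else ("0", evr)
        version, _, release = rest.partition("-")
        return epoch, version, release
    for x, y in zip(split(a), split(b)):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def parse_nevra(nevra: str):
    """'apache2-mod_wsgi-4.7.1-150400.3.9.4.x86_64' -> (name, 'version-release')."""
    pkg, _, _arch = nevra.rpartition(".")
    name, version, release = pkg.rsplit("-", 2)
    return name, f"{version}-{release}"


# Constructed stand-in for `rpm -qf <path>` run inside the scanned image.
RPM_OWNER = {
    "/usr/lib64/python3.6/site-packages/mod_wsgi-4.7.1-py3.6.egg-info/PKG-INFO":
        "apache2-mod_wsgi-4.7.1-150400.3.9.4.x86_64",
}

# Minimum patched package version per (distro, rpm name), from the SUSE advisory.
DISTRO_FIXES = {
    ("sles:15.5", "apache2-mod_wsgi"): {"CVE-2022-2255": "4.7.1-150400.3.3.1"},
}

# Trimmed copy of the grype JSON match from the report (constructed sample).
SAMPLE_MATCH = {
    "vulnerability": {"id": "GHSA-7527-8855-9cf8", "namespace": "github:language:python"},
    "relatedVulnerabilities": [{"id": "CVE-2022-2255", "namespace": "nvd:cpe"}],
    "artifact": {"name": "mod-wsgi", "version": "4.7.1", "type": "python",
                 "locations": [{"path": "/usr/lib64/python3.6/site-packages/"
                                        "mod_wsgi-4.7.1-py3.6.egg-info/PKG-INFO"}]},
}


def triage(match: dict, distro: str) -> str:
    """'suppress: ...' when an owning RPM is at or past the distro fix, else 'keep'."""
    cves = {match["vulnerability"]["id"]}
    cves |= {r["id"] for r in match.get("relatedVulnerabilities", [])}
    for loc in match["artifact"]["locations"]:
        owner = RPM_OWNER.get(loc["path"])
        if owner is None:
            continue  # not RPM-owned: the ecosystem match stands on its own
        name, evr = parse_nevra(owner)
        fixes = DISTRO_FIXES.get((distro, name), {})
        for cve in sorted(set(fixes) & cves):
            if evrcmp(evr, fixes[cve]) >= 0:
                return f"suppress: {cve} fixed in {name} >= {fixes[cve]}, installed {evr}"
    return "keep"


if __name__ == "__main__":
    print(triage(SAMPLE_MATCH, "sles:15.5"))
```

The comparison must be rpm's, not a plain tuple or semver sort: release strings such as `150400.3.9.4` carry tilde/caret and mixed alpha-numeric segments in general, and a naive string comparison would order `3.10` below `3.9`. In a real pipeline `RPM_OWNER` would be populated by running `rpm -qf` against each `artifact.locations[].path` in the image.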