afdesk
afdesk
yes, sure. I'll do it today.
FYI, [alpine linux security db](https://secdb.alpinelinux.org/v3.16/) was updated yesterday, and now `CVE-2022-30065` doesn't affect on `busybox-1.35.0-r15`
@KDMichaelis thanks for your report I'll retest it again
@jdesouza thanks for your report! I could reproduce it, will investigate more!
@jdesouza sorry for waiting. we're working on it right now.
I've tested `elasticsearch:5.6.13` with the latest trivy (0.29.0) and the issue is still there... upd: it was a mark for me
@alecsz thanks for your report! I'll try to clarify this issue.
@alecsz I wanted to reproduce a problem. 1. I've created demo `pom.xml` with log4j module: https://gist.github.com/afdesk/b51b393bd99fd12a7a7fa30efc093e4a 2. Run `trivy` in debug mode: ```sh $ trivy -d fs . ... 2022-02-14T19:25:42.983+0600...
@alecsz this is a strange situation. I took a look at the logs and can see two different versions of `io.netty:netty-codec-http`. the first version has a vulnerability, but the second...
> I also see something similar when running locally on my laptop. I run trivy and it scans the file, but reports no failures. I immediately rerun the same command,...