grype icon indicating copy to clipboard operation
grype copied to clipboard
verified publisher icon anchore

CVE-2022-24086 missing

Open scottaglia opened this issue 3 years ago • 1 comments

What happened: Grype is not detecting CVE-2022-24086

What you expected to happen: It looks like the file vulnerability.db is missing entirely the CVE.

How to reproduce it (as minimally and precisely as possible): Download the latest db from https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v1_2022-02-22T08:15:16Z.tar.gz and check for CVE-2022-24086

Environment:

Application:          grype
Version:              0.32.0
Syft Version:        v0.36.0
BuildDate:            2022-01-20T18:48:06Z
GitCommit:            3ba7e56e42fddca0fd944986596068e429d448fa
GitTreeState:         clean
Platform:             linux/amd64
GoVersion:            go1.16.13
Compiler:             gc
Supported DB Schema:  3

scottaglia avatar Feb 22 '22 20:02 scottaglia

Hey @scottaglia! Thanks for filing this. I'll take a look and see why this CVE has not made it into the DB yet and see if it updated today.

spiffcs avatar Feb 23 '22 18:02 spiffcs

It looks like CVE-2022-24086 is in the database now, so I'm going to close this -- please reopen if I've missed something!

kzantow avatar Nov 08 '22 16:11 kzantow