
Python CVE for 3.10 is found for Python 3.11

Open gergelyfabian opened this issue 7 months ago • 4 comments

For CVE: https://scout.docker.com/vulnerabilities/id/CVE-2022-42919?s=ubuntu&n=python3.11&ns=ubuntu&t=deb&osn=ubuntu&osv=22.04&vr=%3E%3D0

I have Python 3.11 installed with:

add-apt-repository ppa:deadsnakes/ppa \
    && apt-get install -y python3.11 python3.11-venv python3.11-distutils \
    && python3.11 -m ensurepip

Scout reports:

pkg:deb/ubuntu/[email protected]%2Bjammy1?os_distro=jammy&os_name=ubuntu&os_version=22.04

    ✗ HIGH CVE-2022-42919
      https://scout.docker.com/v/CVE-2022-42919
      Affected range : >=0                                           
      Fixed version  : not fixed                                     
      CVSS Score     : 7.8                                           
      CVSS Vector    : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H  

This should not be reported as the CVE says nothing about Python 3.11, but:

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux

gergelyfabian, Jun 27 '24 13:06
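
Added example, not part of the original issue and not Docker Scout's own code: a triage check that parses the upstream version out of a `pkg:deb` purl and compares it with the range quoted from the CVE text above. The package versions in the sample purls are constructed, and comparing upstream versions alone does not account for distro backports.

```python
import re
from urllib.parse import unquote

# Range as quoted in the issue for CVE-2022-42919:
# "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux".
# (major, minor) branch -> first fixed patch release on that branch.
FIXED_IN = {(3, 9): 16, (3, 10): 9}

# Constructed sample purls; the version strings are NOT taken from the issue.
SAMPLE_311 = ("pkg:deb/ubuntu/python3.11@3.11.9-1%2Bjammy1"
              "?os_distro=jammy&os_name=ubuntu&os_version=22.04")
SAMPLE_310_OLD = "pkg:deb/ubuntu/python3.10@3.10.6-1~22.04?os_distro=jammy"
SAMPLE_310_NEW = "pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.3?os_distro=jammy"


def upstream_version(purl: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) from a pkg:deb purl's version field."""
    # purl layout: pkg:type/namespace/name@version?qualifiers
    version = unquote(purl.split("@", 1)[1].split("?", 1)[0])
    # Debian version layout: [epoch:]upstream[-revision]
    version = version.split(":", 1)[-1]
    upstream = version.rsplit("-", 1)[0] if "-" in version else version
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", upstream)
    if not m:
        raise ValueError(f"unparseable upstream version: {upstream!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)


def in_advisory_range(purl: str) -> bool:
    """True if the upstream version falls inside the range the CVE text states."""
    major, minor, patch = upstream_version(purl)
    fixed = FIXED_IN.get((major, minor))
    # Branches the CVE text does not name (such as 3.11) are out of range.
    return fixed is not None and patch < fixed


def triage(purl: str) -> str:
    """Label a scanner finding whose own affected range is '>=0'."""
    if in_advisory_range(purl):
        return "in advisory range"
    return "outside advisory range: review as possible false positive"


if __name__ == "__main__":
    for p in (SAMPLE_311, SAMPLE_310_OLD, SAMPLE_310_NEW):
        print(upstream_version(p), triage(p))
```
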