Sek

Results 42 issues of Sek

**What happened**: Scanning a container that has Red Hat JBOSS EAP, which includes this jar file: slf4j-ext-1.7.22.redhat-2.jar. Grype locates this file: ..../3pp/jboss/modules/system/layers/base/org/slf4j/ext/main/slf4j-ext-1.7.22.redhat-2.jar ``` grype ./slf4j-ext-1.7.22.redhat-2.jar ✔ Vulnerability DB [no update available]...

bug
false-positive

**What happened**: Ran grype on a container that contains the redis-server binary, and it was reported as a critical issue with CVE-2022-3734. **What you expected to happen**: According to NVD advisory, this issue is related...

bug
false-positive

**What happened**: Scanned a container that has only python3-lxml-4.7.1-150200.3.10.1.x86_64 installed, then got the following: CVE-2022-2309 lxml 4.7.1 python CVE-2022-2309 High lxml 4.7.1 4.9.1 python GHSA-wrxv-2j5q-m38w Medium According to SUSE, CVE-2022-2409...

bug

**What happened**: Scanned a container that has python oauthlib version 3.2.1, then got the vulnerability as follows: $ grype --distro sles:15.4 : oauthlib 3.2.1 3.2.2 python GHSA-3pgj-pg6c-r5p7 Medium : **What you...

bug
false-positive

**What happened**: When scanning a container that has xalan-2.7.1.redhat-00013.jar listed. /modules/system/layers/base/.overlays/layer-base-jboss-eap-/org/apache/xalan/main/xalan-2.7.1.redhat-00013.jar It links to CVE-2022-34169. **What you expected to happen**: According to Red Hat JBOSS EAP, xalan-2.7.1.redhat-00013.jar, CVE-2022-34169...

bug
false-positive

**What happened**: Grype reports a vulnerability because Syft lists rpm 4.14.3, but for that version the OS distributor has already released fixes. $ syft | grep rpm python3-rpm 4.14.3-150300.55.1 rpm rpm 4.14.3 python...

bug
false-positive

**What happened**: When scanning a container which has SLES 15 SP4, this reference GHSA-v8gr-m533-ghj9 is shown NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY cryptography 3.3.2 39.0.1 python GHSA-x4qr-2fvf-3mr5 High cryptography...

bug
false-positive

**What happened**: Issue with mime4j-storage-0.8.3, mime4j-core-0.8.3 and mime4j-dom-0.8.3, "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-storage-0.8.3.jar" "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-core-0.8.3.jar", "package_path": "/opt/jboss/keycloak/lib/lib/main/org.apache.james.apache-mime4j-dom-0.8.3.jar", Grype is reporting https://nvd.nist.gov/vuln/detail/CVE-2021-40525, which is for james version 3.6.1. It is not the...

bug
false-positive

**What happened**: False positive issue with "/opt/jboss/keycloak/modules/system/layers/base/io/smallrye/reactive/mutiny/main/mutiny-1.1.2.jar", which is reactive:mutiny 1.1.2. Grype reports a critical issue with CVE-2022-37832, which is related to mutiny:mutiny. According to this link [Published | JUMPSEC LABS](https://labs.jumpsec.com/)...

bug
false-positive

**What happened**: Running Grype on a local development directory. A variable is not interpreted correctly in a multi-level configuration file. See the following example with the ${version.h2.database} variable, $ grype ./My_project : guava...

bug