Closed balasurajgajula closed 4 months ago
@balasurajgajula most CVE fixes are done by backporting the patches instead of updating the major version of a package.
These scanners are returning false positives; you should reach out to them to ask about it.
Thanks for the confirmation @samueloph that it was backported! Now it makes sense. 👍
Problem
In the Amazon Linux 2023 documentation, it's mentioned that a CVE for the runc package was resolved in version 1.1.11. However, according to the runc release notes, the fix for this CVE is included in version 1.1.12. This is still showing as a vulnerability in some of the security scanning tools!
Additional Information
CVE-2024-21626
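
The backporting point from the replies above, as an added example that is not part of the thread and is not any scanner's or distribution's own code: a check that compares only against the upstream fixed version flags the package, while a check against the distribution's own fixed build does not. The versions 1.1.11 and 1.1.12 and the CVE id come from the thread; the release string, the advisory record and all function names are assumptions made for illustration.

```python
import re

# Constructed sample data. The release string "1.amzn2023" and the advisory
# record are hypothetical placeholders, not values taken from a real system.
INSTALLED = {"name": "runc", "version": "1.1.11", "release": "1.amzn2023"}
UPSTREAM_FIXED = "1.1.12"  # upstream release that carries the fix
DISTRO_ADVISORY = {"cve": "CVE-2024-21626", "name": "runc",
                   "fixed_version": "1.1.11", "fixed_release": "1.amzn2023"}

def segments(s):
    """Split a version string into numeric and alphabetic runs."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm-style compare (no epoch, tilde or caret): -1, 0 or 1."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # 9 < 11, not "9" > "11"
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def naive_upstream_check(pkg):
    """Version-only logic: flag anything older than the upstream fix."""
    return vercmp(pkg["version"], UPSTREAM_FIXED) < 0

def advisory_aware_check(pkg, adv):
    """Flag only builds older than the distribution's fixed version-release."""
    if pkg["name"] != adv["name"]:
        return False
    c = vercmp(pkg["version"], adv["fixed_version"])
    if c == 0:
        c = vercmp(pkg["release"], adv["fixed_release"])
    return c < 0

if __name__ == "__main__":
    print("upstream-only check flags package:", naive_upstream_check(INSTALLED))
    print("advisory-aware check flags package:",
          advisory_aware_check(INSTALLED, DISTRO_ADVISORY))
```

On a real host, the package changelog (`rpm -q --changelog runc`) and the distribution's advisory for the CVE are the authoritative sources for the fixed build.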