Open nvuillam opened 2 months ago
What happened:
CVE found by trivy
┌────────────────────────────────┬───────────────┬──────────┬────────┬───────────────────┬───────────────┬───────────────────────────────────────────────────────┐
│ Library                        │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title                                                 │
├────────────────────────────────┼───────────────┼──────────┼────────┼───────────────────┼───────────────┼───────────────────────────────────────────────────────┤
│ github.com/opencontainers/runc │ CVE-2024-3154 │ HIGH     │ fixed  │ v1.1.12           │ 1.2.0-rc.1    │ cri-o: Arbitrary command injection via pod annotation │
│                                │               │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-3154             │
└────────────────────────────────┴───────────────┴──────────┴────────┴───────────────────┴───────────────┴───────────────────────────────────────────────────────┘
What you expected to happen:
No CVE found :)
How to reproduce it (as minimally and precisely as possible):
See MegaLinter build job: https://github.com/oxsecurity/megalinter/actions/runs/8862893746/job/24336363970?pr=3518
Dockerfile uses the following:
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
Anything else we need to know?:
Environment:
Output of grype version: latest
Output of cat /etc/os-release (or similar): alpine linux
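Both trivy and grype flag this finding by reading the module list that the Go toolchain embeds in the grype binary and comparing the recorded runc version against the fixed version. The script below is an added example (not part of this issue or the grype project) that does the same check by hand: it parses the output of `go version -m <binary>`, compares the embedded `github.com/opencontainers/runc` version with the fixed version from the table above using Go-module (semver) ordering, where a pre-release such as `v1.2.0-rc.1` sorts before `v1.2.0`. The build-info text and the `h1:` hashes in it are constructed sample data, not output from a real grype build; `check_binary` is a hypothetical helper that runs the real command when a Go toolchain is on PATH. Note that a version match only says the module is compiled in; whether the vulnerable code path is reachable from grype is a separate question.

```python
import subprocess
from typing import Optional

# Constructed sample of `go version -m /usr/local/bin/grype` output.
# The "dep" lines list modules compiled into the binary; hashes are placeholders.
SAMPLE_BUILDINFO = """\
/usr/local/bin/grype: go1.21.9
\tpath\tgithub.com/anchore/grype
\tmod\tgithub.com/anchore/grype\t(devel)
\tdep\tgithub.com/opencontainers/runc\tv1.1.12\th1:PLACEHOLDERHASH=
\tdep\tgithub.com/spf13/cobra\tv1.8.0\th1:PLACEHOLDERHASH=
"""

RUNC_MODULE = "github.com/opencontainers/runc"
CVE_2024_3154_FIXED = "1.2.0-rc.1"  # "Fixed Version" column of the trivy table


def parse_deps(buildinfo: str) -> dict:
    """Map module path -> version for every 'dep' line of go version -m output."""
    deps = {}
    for line in buildinfo.splitlines():
        fields = line.strip().split("\t")
        if len(fields) >= 3 and fields[0] == "dep":
            deps[fields[1]] = fields[2]
    return deps


def version_key(v: str):
    """Sort key implementing semver ordering for Go module versions.

    Pre-release versions sort before the corresponding release
    (v1.2.0-rc.1 < v1.2.0); numeric pre-release identifiers sort before
    alphanumeric ones; build metadata after '+' is ignored.
    """
    v = v.lstrip("v").split("+")[0]
    core, _, pre = v.partition("-")
    nums = tuple(int(x) for x in core.split("."))
    if not pre:
        return (nums, 1, ())
    pre_ids = tuple((0, int(p)) if p.isdigit() else (1, p) for p in pre.split("."))
    return (nums, 0, pre_ids)


def is_affected(installed: str, fixed: str) -> bool:
    """True when the installed version sorts strictly before the fixed version."""
    return version_key(installed) < version_key(fixed)


def check_buildinfo(buildinfo: str, module: str, fixed: str) -> Optional[bool]:
    """Return True/False for affected/unaffected, None if the module is absent."""
    deps = parse_deps(buildinfo)
    if module not in deps:
        return None
    return is_affected(deps[module], fixed)


def check_binary(path: str, module: str, fixed: str) -> Optional[bool]:
    """Hypothetical helper: run `go version -m` on a real binary (needs a Go toolchain)."""
    out = subprocess.run(["go", "version", "-m", path],
                         capture_output=True, text=True, check=True).stdout
    return check_buildinfo(out, module, fixed)


if __name__ == "__main__":
    result = check_buildinfo(SAMPLE_BUILDINFO, RUNC_MODULE, CVE_2024_3154_FIXED)
    print(f"{RUNC_MODULE} below fixed version {CVE_2024_3154_FIXED}: {result}")
```

Running it against the constructed sample reports `True`, matching the trivy row (v1.1.12 is below 1.2.0-rc.1); a build that embeds v1.2.0-rc.1 or later reports `False`.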
Note: Grype also finds this CVE :) We'll definitely get this updated once the new version is released.
@kzantow many thanks for your reactivity :)