search

anchore / grype

A vulnerability scanner for container images and filesystems
Apache License 2.0
8.84k stars 574 forks source link

CVE-2022-24086 missing #640

Closed scottaglia closed 2 years ago

scottaglia commented 2 years ago

What happened: Grype is not detecting CVE-2022-24086

What you expected to happen: It looks like the file vulnerability.db is missing entirely the CVE.

How to reproduce it (as minimally and precisely as possible): Download the latest db from https://toolbox-data.anchore.io/grype/databases/vulnerability-db_v1_2022-02-22T08:15:16Z.tar.gz and check for CVE-2022-24086

Environment:

Application:          grype
Version:              0.32.0
Syft Version:        v0.36.0
BuildDate:            2022-01-20T18:48:06Z
GitCommit:            3ba7e56e42fddca0fd944986596068e429d448fa
GitTreeState:         clean
Platform:             linux/amd64
GoVersion:            go1.16.13
Compiler:             gc
Supported DB Schema:  3
spiffcs commented 2 years ago

Hey @scottaglia! Thanks for filing this. I'll take a look and see why this CVE has not made it into the DB yet and see if it updated today.

kzantow commented 2 years ago

It looks like CVE-2022-24086 is in the database now, so I'm going to close this -- please reopen if I've missed something!