CVE-2020-36694 (Detection through Grype)

[WolfangAukang]

We use php:8.1-apache as the base image for one of the SimpleRisk images, and we also use Grype as our image scanner. Last weekend, there was a detection regarding CVE-2020-36694. The record was created last week, and last weekend both base image and SimpleRisk image appeared with that detection.

[tianon]

An issue was discovered in netfilter in the Linux kernel before 5.10.

These images do not contain the Linux kernel, nor any kernel modules, so this is very definitely a false positive and should be reported accordingly to the vendor of the scanning tool.

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves