Open gergelyfabian opened 6 days ago
Example CVE:
https://scout.docker.com/vulnerabilities/id/CVE-2023-41915?s=ubuntu&n=pmix&ns=ubuntu&t=deb&osn=ubuntu&osv=22.04&vr=%3E%3D0
Compare:
FROM ubuntu:22.04 RUN apt-get update && apt-get install -y libpmix2
CVE is detected.
FROM ubuntu:22.04 RUN apt-get update && apt-get install -y \ wget \ tar \ libevent-dev \ libhwloc-dev \ build-essential \ python3 ARG DOCKER_PMIX_VERSION=4.1.2 RUN wget https://github.com/openpmix/openpmix/releases/download/v${DOCKER_PMIX_VERSION}/pmix-${DOCKER_PMIX_VERSION}.tar.gz && \ tar -xzvf pmix-${DOCKER_PMIX_VERSION}.tar.gz && \ cd pmix-${DOCKER_PMIX_VERSION} && \ ./configure --prefix=/usr/local && \ make && \ make install RUN apt purge -y build-essential linux-libc-dev && apt autoremove -y
CVE is not detected
Is this expected?
Example CVE:
https://scout.docker.com/vulnerabilities/id/CVE-2023-41915?s=ubuntu&n=pmix&ns=ubuntu&t=deb&osn=ubuntu&osv=22.04&vr=%3E%3D0
Compare:
CVE is detected.
CVE is not detected
Is this expected?