quay / clair

Vulnerability Static Analysis for Containers
https://quay.github.io/clair/
Apache License 2.0

Multiple cve in the analysis #567

Closed NigelZHANG closed 4 years ago

NigelZHANG commented 6 years ago

Multiple CVE result in the analysis:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 XSA-254 XPTI:

Environment:

When I get the analysis report, it returns this:

{u'NamespaceName': u'alpine:v3.5', u'Link': u'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 XSA-254 XPTI', u'Name': u'CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 XSA-254 XPTI', u'FixedBy': u'4.9.1-r3', u'Severity': u'Unknown'}

I looked up the URL https://nvd.nist.gov/vuln/detail/CVE-2017-5753, and it shows the severity is medium. Multiple CVEs are stitched together, not like "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753". I hope to get your help, thank you very much.
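
A consumer-side way to handle the stitched record reported above, as an added example that is not part of the original issue and is not Clair code: it splits `Name` into one record per CVE ID and rebuilds a resolvable link for each. The function name and the `Aliases` and `OriginalName` fields are assumptions made for this example; `Severity` and `FixedBy` are passed through as reported.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Link form used by the report quoted in the issue.
MITRE_BASE = "https://cve.mitre.org/cgi-bin/cvename.cgi?name="

# Record copied from the report quoted in the issue (as Python 3 literals).
SAMPLE = {
    "NamespaceName": "alpine:v3.5",
    "Link": MITRE_BASE + "CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 XSA-254 XPTI",
    "Name": "CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 XSA-254 XPTI",
    "FixedBy": "4.9.1-r3",
    "Severity": "Unknown",
}

def split_stitched(record):
    """Return one record per CVE ID found in record['Name'].

    A Name with a single token, or with no CVE ID at all, is passed through
    unchanged rather than guessed at. Tokens that are not CVE IDs (XSA-254,
    XPTI) are kept in 'Aliases' (hypothetical field). Severity is not altered:
    it still has to be looked up per CVE from another source.
    """
    tokens = record.get("Name", "").split()
    cves, others = [], []
    for tok in tokens:
        bucket = cves if CVE_RE.fullmatch(tok) else others
        if tok not in bucket:          # drop duplicates, keep order
            bucket.append(tok)
    if len(tokens) <= 1 or not cves:
        return [dict(record)]
    out = []
    for cve in cves:
        item = dict(record)
        item["Name"] = cve
        item["Link"] = MITRE_BASE + cve
        item["Aliases"] = [c for c in cves if c != cve] + others
        item["OriginalName"] = record["Name"]   # keep what the scanner sent
        out.append(item)
    return out

if __name__ == "__main__":
    for r in split_stitched(SAMPLE):
        print(r["Name"], r["Severity"], r["FixedBy"], r["Link"])
```
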

hdonnay commented 4 years ago

We’re declaring bug bankruptcy as part of the release process for a new major version of Clair. Please open a ticket in our issue tracker if you feel this still needs to be addressed, and we'll triage as part of our v4 development process. Thanks!