CVE-2020-36694 - Githubissues

simplerisk / docker

SimpleRisk Docker Repository

https://www.simplerisk.com

Mozilla Public License 2.0

29 stars 21 forks source link

CVE-2020-36694 #59

Closed WolfangAukang closed 1 year ago

WolfangAukang commented 1 year ago

NVD Info

First detection

Local scan (get only critical, discard CVEs with "Won't fix" status):

> grype -q simplerisk/simplerisk-minimal | grep Critical | grep -v "won't fix"
linux-libc-dev             5.10.178-3                            deb     CVE-2020-36694       Critical
> grype -q php:8.1-apache | grep Critical | grep -v "won't fix"
linux-libc-dev             5.10.178-3                            deb     CVE-2020-36694    Critical

WolfangAukang commented 1 year ago

Opened ticket with docker-library/php

WolfangAukang commented 1 year ago

According to maintainer of the image, detection is a false positive. Opened a ticket on Grype repository.

WolfangAukang commented 1 year ago

Actions taken:

Set a rule on Grype to ignore that specific CVE
Grype has now fixed the detection and it does not appear on the list. Still, the reference will be kept