Interpretation of Fixed_Version #4269
Replies: 10 comments
- Hi @DontWanna1!
- @DontWanna1 which version of $ trivy --version? I tried to scan this image (python:3.9-slim), and don't see

      $ docker pull python:3.9-slim
      $ trivy image python:3.9-slim
      python:3.9-slim (debian 11.1)
      =============================
      Total: 66 (UNKNOWN: 0, LOW: 61, MEDIUM: 1, HIGH: 2, CRITICAL: 2)

  .... I use
- Version: 0.19.1
- Hi @DontWanna1 did update
- Hi, yes it did. Another issue: https://avd.aquasec.com/nvd/cve-2021-33026/ Does "End version" indicate the last version with the CVE? Another example: https://avd.aquasec.com/nvd/cve-2021-33574/ Thank you for your support.
- > Did you clean cache before scanning? $ trivy image --clear-cache

  Yes, you're right. If we take a look at nvd.nist.gov/vuln/detail/CVE-2021-33026, we can see:
- Yes, by default (Git-Job). Thank you.
- @DontWanna1 You're scanning
- I did, yes. I have switched to python:3.10-slim by now. Both are Debian 11, I think.
- @DontWanna1 I've run
- Hi, I am exploring the scan reports and trying to understand if I should be alarmed.
  Base-image: python3.9-slim
  Offending CVE:
  The link (https://avd.aquasec.com/nvd/cve-2021-37322/) directs to the Affected Software, where it states:
  Now, do I have a critical CVE on hand or can I ignore it safely, since it is fixed since version 2.26?
  Should "Fixed Version" state 2.26?
  Best Regards
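The question in this thread is how to read Trivy's Fixed Version column. In Trivy's output, FixedVersion is the distribution package version that carries the fix (for a Debian-based image, the Debian package version), not the upstream project's release number, and an empty value means no fixed package is available for that release yet. The script below is an added example, not code from the Trivy project or from this discussion: it parses a Trivy JSON report (what `trivy image --format json` writes), reproduces the Total line, and splits findings into those with a fixed package to upgrade to and those still unfixed. The embedded report is constructed; its package names, versions and CVE ids are placeholders.

```python
"""Triage a Trivy JSON report by its FixedVersion field (added example, not Trivy's own code)."""
import json
from collections import Counter

# Order in which Trivy prints its "Total: N (UNKNOWN: ..., CRITICAL: ...)" line.
TRIVY_SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample report: placeholder packages, versions and CVE ids.
# The shape follows Trivy's JSON output (schema 2 wraps results in {"Results": [...]};
# older releases emitted the bare list).
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "python:3.9-slim",
    "Results": [{
        "Target": "python:3.9-slim (debian 11.1)",
        "Type": "debian",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "pkg-a",
             "InstalledVersion": "2.35-1", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "pkg-b",
             "InstalledVersion": "2.31-13", "FixedVersion": "2.31-13+deb11u2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "pkg-b",
             "InstalledVersion": "2.31-13", "FixedVersion": "2.31-13+deb11u1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0004", "PkgName": "pkg-c",
             "InstalledVersion": "1.0-1", "FixedVersion": "", "Severity": "LOW"},
        ],
    }],
})


def load_results(text):
    """Return the list of scan results; accepts both the schema-2 dict and the older bare list."""
    doc = json.loads(text)
    if isinstance(doc, dict):
        return doc.get("Results") or []
    return doc


def iter_vulns(results):
    """Yield (target, vulnerability) pairs; Vulnerabilities may be null for a clean target."""
    for result in results:
        for vuln in result.get("Vulnerabilities") or []:
            yield result.get("Target", ""), vuln


def summarize(results):
    """Count findings per severity, keyed in Trivy's print order."""
    counts = Counter(v.get("Severity", "UNKNOWN") for _, v in iter_vulns(results))
    return {sev: counts.get(sev, 0) for sev in TRIVY_SEVERITIES}


def format_summary(counts):
    """Render the same Total line Trivy prints in its table output."""
    total = sum(counts.values())
    parts = ", ".join(f"{sev}: {counts[sev]}" for sev in TRIVY_SEVERITIES)
    return f"Total: {total} ({parts})"


def _severity_rank(entry):
    # Highest severity first; unknown strings sort last.
    sev = entry["severity"]
    return -TRIVY_SEVERITIES.index(sev) if sev in TRIVY_SEVERITIES else 1


def triage(results):
    """Split findings into 'fixable' (a fixed package exists) and 'unfixed' (FixedVersion empty)."""
    fixable, unfixed = [], []
    for target, v in iter_vulns(results):
        entry = {
            "id": v["VulnerabilityID"], "pkg": v["PkgName"],
            "severity": v.get("Severity", "UNKNOWN"),
            "installed": v.get("InstalledVersion", ""),
            "fixed": v.get("FixedVersion", ""), "target": target,
        }
        (fixable if entry["fixed"] else unfixed).append(entry)
    return {"fixable": sorted(fixable, key=_severity_rank),
            "unfixed": sorted(unfixed, key=_severity_rank)}


def upgrade_plan(results):
    """Per package, the fixed versions Trivy lists; upgrading to the newest closes all of them."""
    plan = {}
    for e in triage(results)["fixable"]:
        plan.setdefault(e["pkg"], set()).add(e["fixed"])
    return {pkg: sorted(versions) for pkg, versions in plan.items()}


if __name__ == "__main__":
    res = load_results(SAMPLE_REPORT)
    print(format_summary(summarize(res)))
    t = triage(res)
    for e in t["fixable"]:
        print(f"{e['severity']:8} {e['id']} {e['pkg']} {e['installed']} -> upgrade to {e['fixed']}")
    for e in t["unfixed"]:
        print(f"{e['severity']:8} {e['id']} {e['pkg']} {e['installed']} (no fixed package for this release yet)")
```

Run it against a real report with `trivy image --format json -o report.json <image>` and `load_results(open("report.json").read())`. The "unfixed" group is what Trivy's own `--ignore-unfixed` flag hides; for the question above, a finding listed with a FixedVersion means the image still carries a package below that version, so the upstream fix (for example 2.26) does not by itself tell you whether the Debian package in the image has it.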