Unexpected vulnerability detected in package(nss) #5401
JwishPark started this conversation in False Detection
Replies: 1 comment
Hello @JwishPark |
IDs
CVE-2014-3566
Description
Hello,
I scanned the vulnerability in my image (centos:7.9.2009) with Trivy.
And I found that Trivy detected CVE-2014-3566 in the nss package.
However, when searching the NVD official link and Docker Hub,
CVE-2014-3566 does not exist in the nss package.
If I follow the PrimaryURL of the vulnerability check result,
it seems that Trivy found the vulnerability based on the data source from the vendor (Ubuntu).
I think this is a wrong detection because the vulnerabilities that exist in the package may be different for each OS.
Please check why Trivy detected it.
Reproduction Steps
Target
Container Image
Scanner
Vulnerability
Target OS
centos:7.9.2009
Debug Output
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correct
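The checklist refers to the `-f json` report, which records a `DataSource` for each finding separately from its `PrimaryURL`. As an added example (not part of the original post and not Trivy's own code), the script below lists both for every OS-package finding and marks whether the data source is one expected for the image's OS family; the report is constructed, the second and third CVE IDs and all URLs are placeholders, and the family-to-source map is an assumption to adjust.

```python
import json
from urllib.parse import urlparse

# Assumption: DataSource.ID values accepted per Metadata.OS.Family.
# Illustrative only; adjust to the IDs your Trivy version emits.
EXPECTED_SOURCES = {"centos": {"redhat", "redhat-oval", "centos"}}

# Constructed report; it does not reproduce the reporter's scan output.
SAMPLE_REPORT = json.dumps({
    "Metadata": {"OS": {"Family": "centos", "Name": "7.9.2009"}},
    "Results": [{
        "Target": "centos:7.9.2009", "Class": "os-pkgs", "Type": "centos",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-2014-3566", "PkgName": "nss",
             "PrimaryURL": "https://advisories.other-vendor.example/CVE-2014-3566",
             "DataSource": {"ID": "redhat", "Name": "constructed"}},
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "examplepkg",
             "PrimaryURL": "https://advisories.other-vendor.example/CVE-0000-0001",
             "DataSource": {"ID": "ubuntu", "Name": "constructed"}},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "examplepkg"},
        ],
    }],
})

def audit_sources(report_json, expected=EXPECTED_SOURCES):
    """One row per OS-package finding: the feed that matched it and where PrimaryURL points."""
    report = json.loads(report_json)
    family = ((report.get("Metadata") or {}).get("OS") or {}).get("Family", "")
    allowed = expected.get(family)
    rows = []
    for result in report.get("Results") or []:
        if result.get("Class") != "os-pkgs":
            continue  # language packages are matched against other feeds
        for vuln in result.get("Vulnerabilities") or []:
            source_id = (vuln.get("DataSource") or {}).get("ID")
            if allowed is None or source_id is None:
                status = "unknown"   # no map for this family, or no DataSource recorded
            else:
                status = "match" if source_id in allowed else "mismatch"
            rows.append({"id": vuln.get("VulnerabilityID"), "pkg": vuln.get("PkgName"),
                         "source": source_id, "status": status,
                         "primary_url_host": urlparse(vuln.get("PrimaryURL", "")).hostname})
    return rows

if __name__ == "__main__":
    for row in audit_sources(SAMPLE_REPORT):
        print(row)
```

A `match` row whose `primary_url_host` belongs to a different vendor indicates that only the reference link, not the advisory feed, points elsewhere; a `mismatch` row is the case worth reporting.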