False positive: CVE-2022-36087 not affected in SLES 15 SP4, SP5 #5657
sekveaja started this conversation in False Detection
Replies: 1 comment
-
Hello @sekveaja Perhaps you have the same case #4067 (comment)? Take a look, please.
-
IDs
CVE-2022-36087
Description
│ oauthlib (METADATA) │ CVE-2022-36087 │ MEDIUM │ 3.2.1 │ 3.2.2 │ DoS when attacker provides malicious IPV6 URI
Other useful info:
"Target": "Python",
"Class": "lang-pkgs",
"Type": "python-pkg",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2022-36087",
"PkgName": "oauthlib",
"PkgPath": "usr/lib/python3.6/site-packages/oauthlib-3.2.1.dist-info/METADATA",
"InstalledVersion": "3.2.1",
"FixedVersion": "3.2.2",
"Layer": {
"DiffID": "sha256:4403074b6398a230c663b1080b82845ce3cc862b73881ed2dec1d1097e9099dd"
},
"SeveritySource": "ghsa",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-36087",
"DataSource": {
"ID": "ghsa",
"Name": "GitHub Security Advisory pip",
"URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip"
},
On the SUSE page https://www.suse.com/security/cve/CVE-2022-36087.html it is confirmed that it is not affected:
SUSE Linux Enterprise Server 15 SP4 | python-oauthlib | Not affected
SUSE Linux Enterprise Server 15 SP5 | python-oauthlib | Not affected
Reproduction Steps
1. Have python-oauthlib 3.2.1 installed in the SUSE OS ecosystem. ...
Target
Container Image
Scanner
Vulnerability
Target OS
SLES 15.4
Debug Output
Version
Checklist
-f json that shows data sources and confirmed that the security advisory in data sources was correct
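Added example, not part of the original post and not Trivy's own code: a triage sketch that takes a `-f json` report like the fragment above and lists the `lang-pkgs` findings that the distro vendor marks "Not affected", so they can be reviewed before being ignored. The report is the post's fragment closed into valid JSON (constructed), the status table is copied from the SUSE rows quoted above, and the `python-<name>` package mapping and the function names are assumptions.

```python
import json

# Constructed sample: the report fragment quoted in the post, closed into
# valid JSON (Layer and PrimaryURL omitted).
TRIVY_REPORT = json.loads("""
{"Results": [{
  "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg",
  "Vulnerabilities": [{
    "VulnerabilityID": "CVE-2022-36087",
    "PkgName": "oauthlib",
    "PkgPath": "usr/lib/python3.6/site-packages/oauthlib-3.2.1.dist-info/METADATA",
    "InstalledVersion": "3.2.1",
    "FixedVersion": "3.2.2",
    "DataSource": {"ID": "ghsa", "Name": "GitHub Security Advisory pip"}
  }]
}]}
""")

# Vendor status rows copied from the SUSE CVE page quoted in the post.
VENDOR_STATUS = {
    ("CVE-2022-36087", "SUSE Linux Enterprise Server 15 SP4", "python-oauthlib"): "Not affected",
    ("CVE-2022-36087", "SUSE Linux Enterprise Server 15 SP5", "python-oauthlib"): "Not affected",
}

def distro_package(pip_name):
    # Assumption: the distro names its Python packages "python-<pip name>".
    return "python-" + pip_name.lower()

def review_candidates(report, product, vendor_status):
    """Return lang-pkgs findings the vendor marks "Not affected" for product."""
    hits = []
    for result in report.get("Results", []):
        if result.get("Class") != "lang-pkgs":
            continue  # only language-package findings are in scope here
        for vuln in result.get("Vulnerabilities") or []:
            key = (vuln["VulnerabilityID"], product, distro_package(vuln["PkgName"]))
            if vendor_status.get(key) == "Not affected":
                hits.append({"id": vuln["VulnerabilityID"],
                             "pkg": vuln["PkgName"],
                             "path": vuln.get("PkgPath", ""),
                             "source": vuln.get("DataSource", {}).get("ID")})
    return hits

if __name__ == "__main__":
    for hit in review_candidates(TRIVY_REPORT, "SUSE Linux Enterprise Server 15 SP4", VENDOR_STATUS):
        # The vendor status covers the vendor's RPM; confirm the file at
        # hit["path"] is RPM-owned (not a pip install) before ignoring it.
        print("review:", hit)
```

A match only means the vendor's statement and the scanner's upstream advisory disagree for that package name; a copy of the library installed outside the vendor RPM is not covered by the vendor status.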