Trivy reports HIGH CVSS severity level for unscored CVEs #6676

SanjayVas · 2024-05-13T17:33:38Z

SanjayVas
May 13, 2024

Description

Trivy reports the severity level as HIGH for CVEs that do not yet have a score. For example, CVE-2024-28085 is listed as N/A in Aqua's vulnerability database. NVD indicates that the it's awaiting analysis. Despite this, Trivy reports HIGH as the severity level.

Desired Behavior

Trivy is consistent with Aqua's vulnerability database w.r.t. scoring. e.g. reporting N/A.

Actual Behavior

Trivy reports HIGH even though the CVSS v3 score is not in the 7.0-8.9 range.

Reproduction Steps

1. Run Trivy v0.50.1 in container image based on Distroless Java

   
   trivy image ghcr.io/world-federation-of-advertisers/kingdom/data-server:20240512.3 --platform linux/amd64
   
2. Observe that CVE-2024-28085 is listed with severity HIGH

Target

Container Image

Scanner

Vulnerability

Output Format

Table

Mode

Standalone

Debug Output

$ trivy image ghcr.io/world-federation-of-advertisers/kingdom/data-server:20240512.3 --platform linux/amd64 --debug


2024-05-13T10:31:38.277-0700	�[35mDEBUG�[0m	Severities: ["UNKNOWN" "LOW" "MEDIUM" "HIGH" "CRITICAL"]
2024-05-13T10:31:38.277-0700	�[35mDEBUG�[0m	Ignore statuses	{"statuses": null}
2024-05-13T10:31:38.286-0700	�[35mDEBUG�[0m	cache dir:  /usr/local/google/home/sanjayvas/.cache/trivy
2024-05-13T10:31:38.286-0700	�[35mDEBUG�[0m	DB update was skipped because the local DB is the latest
2024-05-13T10:31:38.286-0700	�[35mDEBUG�[0m	DB Schema: 2, UpdatedAt: 2024-05-13 12:16:02.324139487 +0000 UTC, NextUpdate: 2024-05-13 18:16:02.324138856 +0000 UTC, DownloadedAt: 2024-05-13 17:26:34.741850224 +0000 UTC
2024-05-13T10:31:38.286-0700	�[34mINFO�[0m	Vulnerability scanning is enabled
2024-05-13T10:31:38.286-0700	�[35mDEBUG�[0m	Vulnerability type:  [os library]
2024-05-13T10:31:38.286-0700	�[34mINFO�[0m	Secret scanning is enabled
2024-05-13T10:31:38.286-0700	�[34mINFO�[0m	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-05-13T10:31:38.286-0700	�[34mINFO�[0m	Please see also https://aquasecurity.github.io/trivy/v0.50/docs/scanner/secret/#recommendation for faster secret detection
2024-05-13T10:31:38.286-0700	�[35mDEBUG�[0m	Enabling misconfiguration scanners: [azure-arm cloudformation dockerfile helm kubernetes terraform terraformplan-json terraformplan-snapshot]
2024-05-13T10:31:38.730-0700	�[35mDEBUG�[0m	No secret config detected: trivy-secret.yaml
2024-05-13T10:31:38.730-0700	�[35mDEBUG�[0m	The nuget packages directory couldn't be found. License search disabled
2024-05-13T10:31:38.730-0700	�[35mDEBUG�[0m	No secret config detected: trivy-secret.yaml
2024-05-13T10:31:38.835-0700	�[35mDEBUG�[0m	Image ID: sha256:d27dc8e0d84e673b7b2630bbce683c6e54a26a0920b886de117333aa0bda838e
2024-05-13T10:31:38.835-0700	�[35mDEBUG�[0m	Diff IDs: [sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421 sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60 sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368 sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1 sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849 sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3 sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217 sha256:c85e135e09540582977b3eabec041ec8e2bd91844d83e81865df691da77115a4 sha256:9c0e5019f26d776b7e927e531a10a8a36c26c86dd0babf236e718a894ecbf32c sha256:6a70d87b10ddb71e20683fd34cc83b1fe958c2ecc474049a3ade579ac45e6cfb sha256:678b8a3308054013fffd139d7faf747c8917bf1db56750414079873227dde80f sha256:e4b850aee477c0606667cdf179d0f6b9e92def7440c15a917c16ad6afe18ed76 sha256:9e4c9bfe02c4ffef307cf2835726ac854c1787d5b1926358f3d69f6f1a0ab020 sha256:974ffbde41b36bad1a3f7657a1b4222db812c9f03d00ef074c10b21a65eac127 sha256:338d0a48e1e8a0bf40febc95122818974545e56297a2bb1c7a726c06f44ca6ba sha256:b87651f6ca7c1b3db0ea6e6e4ba768c68de558c2d387ee41bb2c75e8c08db762 sha256:aa9041a22d258141af0b69736dfda5ace6e69aa627700ecf9b41fe44bb12e2b4 sha256:9458f09fa4d1b7078143e62013f50e53f8d5ac186b295b540f9449d5017db38f sha256:f32ba4a591b5fad6f68fa1a558de672bdfa9564ceba03dc745ab6e5cd544b510 sha256:dbac6fa627a2783ed74a5d976d4d4f9ec551048911c8c03dc40c69f659bcdac5 sha256:8b54e36e698a411476f9489fd0abef8be1d32d419c24fb49401f7bd74d1b8c42 sha256:7f628e8d08c3e49e838bbdb37051b605cfbde422d2f5d1778f33cac93cc7af74 sha256:cdcffa7d6e0ab967808e1ab65caabe24d2f18f0842488388624b7551b136a7e6 sha256:b278eeaa5713e50cd867ce2f3235c89c9a8912db556b8eba7152cfc5951bfb3c sha256:ea040a80e2e938a01c2532281c65ca54eed2c0fad83b91d62b36fa0c4cdc8b03 sha256:1ff631b7016196444e07d1a8fff324a799b57661d666ab6be12870a529f105ea sha256:b93947d87012c8918312d4854358dd9d2210d6952574722cd50598ce197abbae sha256:9e009a781a6fb4b51a320144680eba045f25296766ac66d81b347ae895567794 sha256:9bc0980adb63a5e164c6294cd7d3f8c1857c3345eab3634a6c9e365380d1d585 sha256:4f9e1a2ff834836bb67684904b2a9df1f40641de1789caae76fcb612438898f7]
2024-05-13T10:31:38.835-0700	�[35mDEBUG�[0m	Base Layers: []
2024-05-13T10:31:38.842-0700	�[34mINFO�[0m	Detected OS: debian
2024-05-13T10:31:38.842-0700	�[34mINFO�[0m	Detecting Debian vulnerabilities...
2024-05-13T10:31:38.842-0700	�[35mDEBUG�[0m	debian: os version: 12
2024-05-13T10:31:38.842-0700	�[35mDEBUG�[0m	debian: the number of packages: 23
2024-05-13T10:31:38.850-0700	�[34mINFO�[0m	Number of language-specific files: 1
2024-05-13T10:31:38.850-0700	�[34mINFO�[0m	Detecting jar vulnerabilities...
2024-05-13T10:31:38.850-0700	�[35mDEBUG�[0m	Detecting library vulnerabilities, type: jar, path: 

ghcr.io/world-federation-of-advertisers/kingdom/data-server:20240512.3 (debian 12.5)
====================================================================================
Total: 31 (UNKNOWN: 1, LOW: 19, MEDIUM: 5, HIGH: 5, CRITICAL: 1)

┌─────────────────────────┬──────────────────┬──────────┬──────────────┬─────────────────────┬─────────────────────┬──────────────────────────────────────────────────────────────┐
│         Library         │  Vulnerability   │ Severity │    Status    │  Installed Version  │    Fixed Version    │                            Title                             │
├─────────────────────────┼──────────────────┼──────────┼──────────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libc6                   │ CVE-2024-2961    │ HIGH     │ fixed        │ 2.36-9+deb12u4      │ 2.36-9+deb12u6      │ glibc: Out of bounds write in iconv may lead to remote       │
│                         │                  │          │              │                     │                     │ code...                                                      │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-2961                    │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-33599   │          │              │                     │ 2.36-9+deb12u7      │ glibc: stack-based buffer overflow in netgroup cache         │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-33599                   │
│                         ├──────────────────┼──────────┤              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-33600   │ MEDIUM   │              │                     │                     │ glibc: null pointer dereferences after failed netgroup cache │
│                         │                  │          │              │                     │                     │ insertion                                                    │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-33600                   │
│                         ├──────────────────┤          │              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-33601   │          │              │                     │                     │ glibc: netgroup cache may terminate daemon on memory         │
│                         │                  │          │              │                     │                     │ allocation failure                                           │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-33601                   │
│                         ├──────────────────┤          │              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-33602   │          │              │                     │                     │ glibc: netgroup cache assumes NSS callback uses in-buffer    │
│                         │                  │          │              │                     │                     │ strings                                                      │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-33602                   │
│                         ├──────────────────┼──────────┼──────────────┤                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2010-4756    │ LOW      │ affected     │                     │                     │ glibc: glob implementation can cause excessive CPU and       │
│                         │                  │          │              │                     │                     │ memory consumption due to...                                 │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2010-4756                    │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2018-20796   │          │              │                     │                     │ glibc: uncontrolled recursion in function                    │
│                         │                  │          │              │                     │                     │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2018-20796                   │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2019-1010022 │          │              │                     │                     │ glibc: stack guard protection bypass                         │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2019-1010022                 │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2019-1010023 │          │              │                     │                     │ glibc: running ldd on malicious ELF leads to code execution  │
│                         │                  │          │              │                     │                     │ because of...                                                │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2019-1010023                 │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2019-1010024 │          │              │                     │                     │ glibc: ASLR bypass using cache of thread stack and heap      │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2019-1010024                 │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2019-1010025 │          │              │                     │                     │ glibc: information disclosure of heap addresses of           │
│                         │                  │          │              │                     │                     │ pthread_created thread                                       │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2019-1010025                 │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2019-9192    │          │              │                     │                     │ glibc: uncontrolled recursion in function                    │
│                         │                  │          │              │                     │                     │ check_dst_limits_calc_pos_1 in posix/regexec.c               │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2019-9192                    │
├─────────────────────────┼──────────────────┼──────────┤              ├─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libexpat1               │ CVE-2023-52425   │ HIGH     │              │ 2.5.0-1             │                     │ expat: parsing large tokens can trigger a denial of service  │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-52425                   │
│                         ├──────────────────┼──────────┤              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2023-52426   │ LOW      │              │                     │                     │ expat: recursive XML entity expansion vulnerability          │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-52426                   │
│                         ├──────────────────┤          │              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-28757   │          │              │                     │                     │ expat: XML Entity Expansion                                  │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-28757                   │
├─────────────────────────┼──────────────────┼──────────┤              ├─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libgcc-s1               │ CVE-2023-4039    │ MEDIUM   │              │ 12.2.0-14           │                     │ gcc: -fstack-protector fails to guard dynamic stack          │
│                         │                  │          │              │                     │                     │ allocations on ARM64                                         │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-4039                    │
│                         ├──────────────────┼──────────┤              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2022-27943   │ LOW      │              │                     │                     │ binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows   │
│                         │                  │          │              │                     │                     │ stack exhaustion in demangle_const                           │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2022-27943                   │
├─────────────────────────┼──────────────────┤          │              ├─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libglib2.0-0            │ CVE-2012-0039    │          │              │ 2.74.6-2            │                     │ glib2: hash table collisions CPU usage DoS                   │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2012-0039                    │
│                         ├──────────────────┤          ├──────────────┤                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-34397   │          │ fixed        │                     │ 2.74.6-2+deb12u1    │ glib2: Signal subscription vulnerabilities                   │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-34397                   │
│                         ├──────────────────┼──────────┤              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ DSA-5682-2       │ UNKNOWN  │              │                     │ 2.74.6-2+deb12u2    │ glib2.0 - regression update                                  │
├─────────────────────────┼──────────────────┼──────────┼──────────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libharfbuzz0b           │ CVE-2023-25193   │ HIGH     │ affected     │ 6.0.0+dfsg-3        │                     │ harfbuzz: allows attackers to trigger O(n^2) growth via      │
│                         │                  │          │              │                     │                     │ consecutive marks                                            │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-25193                   │
├─────────────────────────┼──────────────────┼──────────┤              ├─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libpng16-16             │ CVE-2021-4214    │ LOW      │              │ 1.6.39-2            │                     │ libpng: hardcoded value leads to heap-overflow               │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2021-4214                    │
├─────────────────────────┼──────────────────┼──────────┤              ├─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libstdc++6              │ CVE-2023-4039    │ MEDIUM   │              │ 12.2.0-14           │                     │ gcc: -fstack-protector fails to guard dynamic stack          │
│                         │                  │          │              │                     │                     │ allocations on ARM64                                         │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-4039                    │
│                         ├──────────────────┼──────────┤              │                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2022-27943   │ LOW      │              │                     │                     │ binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows   │
│                         │                  │          │              │                     │                     │ stack exhaustion in demangle_const                           │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2022-27943                   │
├─────────────────────────┼──────────────────┼──────────┼──────────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ libuuid1                │ CVE-2024-28085   │ HIGH     │ fixed        │ 2.38.1-5+b1         │ 2.38.1-5+deb12u1    │ util-linux: CVE-2024-28085: wall: escape sequence injection  │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-28085                   │
│                         ├──────────────────┼──────────┼──────────────┤                     ├─────────────────────┼──────────────────────────────────────────────────────────────┤
│                         │ CVE-2022-0563    │ LOW      │ affected     │                     │                     │ util-linux: partial disclosure of arbitrary files in chfn    │
│                         │                  │          │              │                     │                     │ and chsh when compiled...                                    │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2022-0563                    │
├─────────────────────────┼──────────────────┤          ├──────────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ openjdk-17-jre-headless │ CVE-2024-21011   │          │ fixed        │ 17.0.10+7-1~deb12u1 │ 17.0.11+9-1~deb12u1 │ OpenJDK: long Exception message leading to crash (8319851)   │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-21011                   │
│                         ├──────────────────┤          │              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-21012   │          │              │                     │                     │ OpenJDK: HTTP/2 client improper reverse DNS lookup (8315708) │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-21012                   │
│                         ├──────────────────┤          │              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-21068   │          │              │                     │                     │ OpenJDK: integer overflow in C1 compiler address generation  │
│                         │                  │          │              │                     │                     │ (8322122)                                                    │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-21068                   │
│                         ├──────────────────┤          │              │                     │                     ├──────────────────────────────────────────────────────────────┤
│                         │ CVE-2024-21094   │          │              │                     │                     │ OpenJDK: C2 compilation fails with "Exceeded _node_regs      │
│                         │                  │          │              │                     │                     │ array" (8317507)                                             │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2024-21094                   │
├─────────────────────────┼──────────────────┼──────────┼──────────────┼─────────────────────┼─────────────────────┼──────────────────────────────────────────────────────────────┤
│ zlib1g                  │ CVE-2023-45853   │ CRITICAL │ will_not_fix │ 1:1.2.13.dfsg-1     │                     │ zlib: integer overflow and resultant heap-based buffer       │
│                         │                  │          │              │                     │                     │ overflow in zipOpenNewFileInZip4_6                           │
│                         │                  │          │              │                     │                     │ https://avd.aquasec.com/nvd/cve-2023-45853                   │
└─────────────────────────┴──────────────────┴──────────┴──────────────┴─────────────────────┴─────────────────────┴──────────────────────────────────────────────────────────────┘
2024-05-13T10:31:38.882-0700	�[34mINFO�[0m	Table result includes only package filenames. Use '--format json' option to get the full path to the package file.

Java (jar)
==========
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌───────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│                Library                │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├───────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ io.netty:netty-codec-http             │ CVE-2024-29025 │ MEDIUM   │ fixed  │ 4.1.104.Final     │ 4.1.108.Final │ netty-codec-http: Allocation of Resources Without Limits or │
│ (SpannerKingdomDataServer_deploy.jar) │                │          │        │                   │               │ Throttling                                                  │
│                                       │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-29025                  │
└───────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Operating System

Linux (Debian Trixie)

Version

Version: 0.50.1
Vulnerability DB:
  Version: 2
  UpdatedAt: 2024-05-13 12:16:02.324139487 +0000 UTC
  NextUpdate: 2024-05-13 18:16:02.324138856 +0000 UTC
  DownloadedAt: 2024-05-13 17:26:34.741850224 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2024-05-13 01:02:16.958984562 +0000 UTC
  NextUpdate: 2024-05-16 01:02:16.958984372 +0000 UTC
  DownloadedAt: 2024-05-13 17:26:52.784975186 +0000 UTC

Checklist

Run trivy image --reset
Read the troubleshooting

DmitriyLewen · 2024-05-17T06:33:04Z

DmitriyLewen
May 17, 2024
Maintainer

Hello @SanjayVas
Thanks for your report!

nvd and debian don't have severity for this vulnerability.
So, you see severity from RedHat.

I wrote about this problem in #6714.

Regards, Dmitriy

3 replies

SanjayVas May 20, 2024
Author

The Aqua vulnerability database entry doesn't show a severity from RedHat. See CVE-2024-28085.

DmitriyLewen May 21, 2024
Maintainer

hm... i will check, thanks!

DmitriyLewen May 21, 2024
Maintainer

created aquasecurity/avd-generator#89

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trivy reports HIGH CVSS severity level for unscored CVEs #6676

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Trivy reports HIGH CVSS severity level for unscored CVEs #6676

SanjayVas May 13, 2024

Description

Desired Behavior

Actual Behavior

Reproduction Steps

Target

Scanner

Output Format

Mode

Debug Output

Operating System

Version

Checklist

Replies: 1 comment · 3 replies

DmitriyLewen May 17, 2024 Maintainer

SanjayVas May 20, 2024 Author

DmitriyLewen May 21, 2024 Maintainer

DmitriyLewen May 21, 2024 Maintainer

SanjayVas
May 13, 2024

Replies: 1 comment 3 replies

DmitriyLewen
May 17, 2024
Maintainer

SanjayVas May 20, 2024
Author

DmitriyLewen May 21, 2024
Maintainer

DmitriyLewen May 21, 2024
Maintainer