https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/464869#M451 <P><SPAN>Hi Prismacloud team,</SPAN></P><DIV><P>We are getting below three golang vulnerabilities in all images and hosts which don't have golang installed.</P><P>These go vulnerabilities are reported even in all the node based docker images and also in all hosts which don’t have any jar or application related to golang.</P><P>&nbsp;</P><P>Could you please explain to us why we are getting these vulnerabilities in all hosts and images. Please refer to the screenshot attached.</P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="NSrinivasan_0-1644498597803.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39064iD905E0ED9BEF058F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="NSrinivasan_0-1644498597803.png" alt="NSrinivasan_0-1644498597803.png" /></span><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>CVE-2021-45046</STRONG></P><P><SPAN><STRONG>CVE-2020-29652</STRONG></SPAN></P><P><STRONG>CVE-2021-44716</STRONG></P></DIV> Thu, 10 Feb 2022 13:10:19 GMT NSrinivasan 2022-02-10T13:10:19Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/464869#M451 <P><SPAN>Hi Prismacloud team,</SPAN></P><DIV><P>We are getting below three golang vulnerabilities in all images and hosts which don't have golang installed.</P><P>These go vulnerabilities are reported even in all the node based docker images and also in all hosts which don’t have any jar or application related to golang.</P><P>&nbsp;</P><P>Could you please explain to us why we are getting these vulnerabilities in all hosts and images. Please refer to the screenshot attached.</P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="NSrinivasan_0-1644498597803.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39064iD905E0ED9BEF058F/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="NSrinivasan_0-1644498597803.png" alt="NSrinivasan_0-1644498597803.png" /></span><P>&nbsp;</P><P>&nbsp;</P><P><STRONG>CVE-2021-45046</STRONG></P><P><SPAN><STRONG>CVE-2020-29652</STRONG></SPAN></P><P><STRONG>CVE-2021-44716</STRONG></P></DIV> Thu, 10 Feb 2022 13:10:19 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/464869#M451 NSrinivasan 2022-02-10T13:10:19Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/464993#M453 <P>Are you able to find the vulnerable package by searching within the "Package Info" tab?</P> Thu, 10 Feb 2022 20:39:52 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/464993#M453 david_michael 2022-02-10T20:39:52Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/465079#M454 <P>Let me check. Thanks for the reply.</P> Fri, 11 Feb 2022 04:48:02 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/465079#M454 NSrinivasan 2022-02-11T04:48:02Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/508693#M525 <P>Sometimes a CVE can belong to a different application, we need to understand what images they are scanning if they can give us the pull URL, we can download the image from the repo and scan it individually and see what's going on.</P> Wed, 13 Jul 2022 21:45:10 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/issue-in-reported-vulnerability/m-p/508693#M525 RPrasadi 2022-07-13T21:45:10Z