Issue in reported vulnerability

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issue in reported vulnerability

L0 Member

Hi Prismacloud team,

We are getting below three golang vulnerabilities in all images and hosts which don't have golang installed.

These go vulnerabilities are reported even in all the node based docker images and also in all hosts which don’t have any jar or application related to golang.

 

Could you please explain to us why we are getting these vulnerabilities in all hosts and images. Please refer to the screenshot attached.

NSrinivasan_0-1644498597803.png

 

 

CVE-2021-45046

CVE-2020-29652

CVE-2021-44716

3 REPLIES 3

L1 Bithead

Are you able to find the vulnerable package by searching within the "Package Info" tab?

L0 Member

Let me check. Thanks for the reply.

L4 Transporter

Sometimes a CVE can belong to a different application, we need to understand what images they are scanning if they can give us the pull URL, we can download the image from the repo and scan it individually and see what's going on.

None
  • 2176 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!