You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As per SUSE Advisory, there is no CVE-2023-42282 found.
Therefore, the CVE is not apply for SUSE ecosystem.
Grype should not report this vulnerability.
It seems that vulnerability is solely based on NVD CPE regardless argument "--distro sles:15.5" is provided to Grype.
How to reproduce it (as minimally and precisely as possible):
Build a test SUSE image and install with this package npm18-18.18.2-150400.9.15.1.x86_64
Anything else we need to know?:
Environment:
Output of grype version: grype 0.74.7
OS (e.g: cat /etc/os-release or similar):
NAME="SLES"
VERSION="15-SP5"
VERSION_ID="15.5"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"
The text was updated successfully, but these errors were encountered:
What happened:
Scan on custom image and get this vulnerability reported:
ip 2.0.0 2.0.1 npm GHSA-78xj-cgh5-2h22 Medium
Issue: "GHSA-78xj-cgh5-2h22" ------> "CVE-2023-42282"
:
"locations": [
{
"path": "/usr/lib64/node_modules/npm18/node_modules/ip/package.json",
"layerID": "sha256:8cbcaaf005a84d63ae8755f21c3504fd224b9fcc1fa6ea021b30938e6065f3a9"
}
What you expected to happen:
As per SUSE Advisory, there is no CVE-2023-42282 found.
Therefore, the CVE is not apply for SUSE ecosystem.
Grype should not report this vulnerability.
It seems that vulnerability is solely based on NVD CPE regardless argument "--distro sles:15.5" is provided to Grype.
How to reproduce it (as minimally and precisely as possible):
Build a test SUSE image and install with this package npm18-18.18.2-150400.9.15.1.x86_64
Anything else we need to know?:
Environment:
grype version
: grype 0.74.7cat /etc/os-release
or similar):NAME="SLES"
VERSION="15-SP5"
VERSION_ID="15.5"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP5"
The text was updated successfully, but these errors were encountered: