docker-library/drupal

CVE-2020-35191

Closed this issue · 2 comments

Someone filed CVE-2020-35191 against your Docker image. After looking at your Dockerfile, I do not think it is vulnerable, and it should be disputed.

Here is a blog I wrote on the subject.

IMO, for this to get a dedicated CVE is insane -- it's really just another instance of literally CVE-2019-5021.

Also, as you've noted, none of the supported versions of this image are actually vulnerable today (nor have they been since it was fixed in the Alpine base image).

It's lovely that this never even got marked as "DISPUTED" even though I did actively dispute it through the appropriate form. Just one more reason to lose faith in CVEs, I suppose. 🤷