CVE-2020-35191
Closed this issue · 2 comments
jgamblin commented
Someone filed CVE-2020-35191 against your docker image. After looking at your dockerfile I do not think it is vulnerable and should be disputed.
tianon commented
IMO, for this to get a dedicated CVE is insane -- it's really just another instance of literally CVE-2019-5021.
Also, as you've noted, none of the supported versions of this image are actually vulnerable today (nor have they been since it was fixed in the Alpine base image).
tianon commented
It's lovely that this never even got marked as "DISPUTED" even though I did actively dispute it through the appropriate form. Just one more reason to lose faith in CVEs, I suppose. 🤷