False positive?
kwaazaar opened this issue · 2 comments
kwaazaar commented
I use Twistlock image vulnerability scanning and it finds a new CVE since Sunday. Is this a false positive?
Vulnerabilities
| Image | ID | CVE | Package | Version | Severity | Status | CVSS |
| --- | --- | --- | --- | --- | --- | --- | --- |
| tomcat:9-jdk8-openjdk-slim | 54b465e3c80e21ac | CVE-2017-10140 | db5.3 | 5.3.28+dfsg1-0.5 | high | fixed in 5.3.28-13.1 | 7.8 |
kwaazaar commented
I just noticed this CVE was previously classified by Twistlock as medium, now it's high. I'll check with them why it has changed.
kwaazaar commented
Confirmed by Twistlock the issue is in their tooling. A recent update removed this false positive.