Grype scanner found all these vulnerabilities in the library: CVE-2018-25046, CVE-2020-13250, CVE-2021-38698, CVE-2022-40716, CVE-2020-7219, CVE-2020-28053, CVE-2021-3121, CVE-2021-37219
yogeshhrathod opened this issue · 1 comment
yogeshhrathod commented
Grype scanner found all these vulnerabilities in the library: CVE-2018-25046, CVE-2020-13250, CVE-2021-38698, CVE-2022-40716, CVE-2020-7219, CVE-2020-28053, CVE-2021-3121, CVE-2021-37219
silas commented
- CVE-2018-25046 is for https://github.com/cloudfoundry/archiver
- CVE-2020-13250 is for the consul server
- CVE-2021-38698 is for the consul server
- CVE-2022-40716 is for the consul server
- CVE-2020-7219 is for the consul server
- CVE-2020-28053 is for the consul server
- CVE-2021-3121 is for GoGo Protobuf
- CVE-2021-37219 is for the consul server
If there is a vulnerability in the client, I've never been made aware of it. This library has a single non-dev dependency, which I maintain (and which has zero non-dev dependencies).
This seems to be a false positive in the Grype scanner.
If there is something I can actually address, feel free to reopen.