Originally posted by bvahdat September 20, 2023
CVE-2023-1108
Scanning a custom Docker image finds a vulnerability in the Maven artifact io.undertow:undertow-core:2.2.24.Final
┌────────────────────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬───────────────────────────────────────────┐
│ Library                                │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title                                     │
├────────────────────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤
│ io.undertow:undertow-core (my-app.jar) │ CVE-2023-1108 │ HIGH     │ 2.2.24.Final      │ 2.3.5.Final   │ Infinite loop in SslConduit during close  │
│                                        │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-1108 │
├────────────────────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼───────────────────────────────────────────┤
However, starting from undertow 2.2.24.Final, CVE-2023-1108 is already fixed and has been tracked through: https://issues.redhat.com/browse/UNDERTOW-2239
This can be verified through this GitHub blame link on the 2.2.24.Final tagged codebase.
More details available by the following links:
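Reproduction Steps: 1. 2. 3. ...
Target: Filesystem
Scanner: License
Target OS: No response
Debug Output: .
Version: v0.42.0
Checklist: -f json that shows data sources and confirmed that the security advisory in data sources was correct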
Please see https://aquasecurity.github.io/trivy/latest/community/contribute/issue/
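The report above turns on comparing an installed version against a single "Fixed Version" when a fix is also said to exist on an older release line. The Go sketch below is an added example, not Trivy's matching code; the two fix lists are assumptions built from the versions quoted in the issue.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parse turns "2.2.24.Final" into {2, 2, 24}; the qualifier is ignored.
func parse(s string) (v [3]int) {
	for i, p := range strings.Split(s, ".") {
		if i < 3 {
			v[i], _ = strconv.Atoi(p)
		}
	}
	return
}

// less reports whether a sorts before b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// affected compares against the fix on the installed major.minor line when
// one is listed, and otherwise against the highest listed fix.
func affected(installed string, fixes []string) bool {
	in, highest := parse(installed), [3]int{}
	for _, f := range fixes {
		fv := parse(f)
		if fv[0] == in[0] && fv[1] == in[1] {
			return less(in, fv)
		}
		if less(highest, fv) {
			highest = fv
		}
	}
	return less(in, highest)
}

func main() {
	// Assumed fix lists: scan output alone, then with the 2.2.x fix from the report.
	fmt.Println(affected("2.2.24.Final", []string{"2.3.5.Final"}))
	fmt.Println(affected("2.2.24.Final", []string{"2.2.24.Final", "2.3.5.Final"}))
}
```

With only the single fixed version from the scan output the artifact is flagged; once the 2.2.x fix is listed, the same installed version is not.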
Discussed in #5221