Replies: 2 comments
-
Which analyzer is reporting the vulnerability? You can enable a column to show the analyzer.
-
This is the Sonatype analyser. I managed to get the Trivy analyser working and it did not show this vulnerability.
-
Hi. We raised with a development team a number of vulnerabilities that were showing against their product and when they looked at them, they highlighted a number that they were using that DT was incorrectly flagging.
To recreate: create a project and add a component with
Name: krb5
Version: 1.20.1
Purl: pkg:conda/[email protected]
Save it and after a while you will get a number of vulnerabilities. One is:
CVE-2000-0389 https://nvd.nist.gov/vuln/detail/CVE-2000-0389
This does not show version 1.20.1 as being affected.
Am I missing something or is it correctly being highlighted? Thanks, N