You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
## Packages and Vulnerabilities
0C 1H 0M 0L cryptography 3.4.8
pkg:pypi/[email protected]
6: sha256:02345afc3af08ee5903273fe8ee825ce2611e764e3f31016f03eaaa6be7934bc
/usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/PKG-INFO (evident by)
/usr/lib/python3/dist-packages/cryptography-3.4.8.egg-info/top_level.txt (evident by)
✗ HIGH CVE-2023-50782 [Observable Discrepancy]
https://scout.docker.com/v/CVE-2023-50782?s=github&n=cryptography&t=pypi&vr=%3C42.0.0
Affected range : <42.0.0
Fixed version : 42.0.0
CVSS Score : 8.7
CVSS Vector : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1 vulnerability found in 1 package
CRITICAL 0
HIGH 1
MEDIUM 0
LOW 0
Suggested fix: docker scout should map the egg-info directories to apt packages. If they have been installed via apt, they should not be detected as pypi installed packages.
The text was updated successfully, but these errors were encountered:
Given Dockerfile
When I run
I get in the output:
Suggested fix: docker scout should map the egg-info directories to apt packages. If they have been installed via apt, they should not be detected as pypi installed packages.
The text was updated successfully, but these errors were encountered: