Skip to content

Commit 52a7ad7

Browse files
cx-aniket-shindecx-aniket-shinde
committed
Create .trivyignore
1 parent 3c86c03 commit 52a7ad7

1 file changed

Lines changed: 15 additions & 0 deletions

File tree

.trivyignore

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# OS-layer vulnerabilities in base image (checkmarx/bash:5.3-r5-98621acba7807a)
2+
# These require Checkmarx to publish an updated base image with glibc >= 2.43-r6
3+
# Tracked in Dockerfile TODO comment
4+
5+
# glibc: Denial of Service via iconv() (MEDIUM) - fixed in glibc 2.43-r6
6+
CVE-2026-4046
7+
8+
# glibc: Incorrect DNS response parsing (MEDIUM) - fixed in glibc 2.43-r4
9+
CVE-2026-4437
10+
11+
# glibc: Invalid DNS hostname via gethostbyaddr (MEDIUM) - fixed in glibc 2.43-r4
12+
CVE-2026-4438
13+
14+
# libcrypto3/libssl3: OpenSSL vulnerability (LOW) - requires base image update
15+
CVE-2026-2673

0 commit comments

Comments
 (0)