We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
2 parents 270396f + 0ea1edc commit 5686ccaCopy full SHA for 5686cca
1 file changed
.trivyignore
@@ -30,3 +30,11 @@ CVE-2026-42577 exp:2026-09-11
30
# See: UID2-7364
31
CVE-2026-54512 exp:2026-07-25
32
CVE-2026-54513 exp:2026-07-25
33
+
34
+# CVE-2026-2100 — p11-kit NULL dereference via C_DeriveKey in the Alpine base image.
35
+# uid2-admin is a pure Java service; the JVM uses JSSE for TLS and the bundled Java cacerts keystore for trust — it does
36
+# not load the native p11-kit PKCS#11 module loader and never calls C_DeriveKey, so the
37
+# vulnerable code path is not reachable. Fixed in Alpine v3.23 >= 0.26.2-r0 but the pinned
38
+# eclipse-temurin base image has not yet been rebuilt with it.
39
+# See: UID2-7376
40
+CVE-2026-2100 exp:2026-09-01
0 commit comments