We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
2 parents 65ffdc6 + dfd25d0 commit e610b24Copy full SHA for e610b24
1 file changed
.trivyignore
@@ -22,3 +22,11 @@ CVE-2026-42577 exp:2026-09-11
22
# See: UID2-7364
23
CVE-2026-54512 exp:2026-07-25
24
CVE-2026-54513 exp:2026-07-25
25
+
26
+# CVE-2026-2100 — p11-kit NULL dereference via C_DeriveKey in the Alpine base image.
27
+# uid2-core is a pure Java service; the JVM uses JSSE for TLS and the bundled Java cacerts keystore for trust — it does
28
+# not load the native p11-kit PKCS#11 module loader and never calls C_DeriveKey, so the
29
+# vulnerable code path is not reachable. Fixed in Alpine v3.23 >= 0.26.2-r0 but the pinned
30
+# eclipse-temurin base image has not yet been rebuilt with it.
31
+# See: UID2-7376
32
+CVE-2026-2100 exp:2026-09-01
0 commit comments