DockerScout highlighting issues that don't exist in JDK?


I’m finding the issues highlighted by DockerScout to be inaccurate in some scenarios.

For example, docker scout is saying that tomcat 8.5.90 has this issue:

But when you follow the link - you find that issue was fixed in tomcat 8.5.9.

I suspect that DockerScout has issues with reading version numbers that go into the double digits?

Or am I missing something here?


Your assumption could be right, unless somehow the same vulnerability came back. You could try to report the issue on hub-feedback.
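
A way to check a finding like the one in this thread by hand, as an added example that is not part of the original posts and is not Docker Scout's code (how Docker Scout compares versions is not shown on this page). It assumes the advisory gives a single "fixed in" version on the same release branch; the function names and the sample findings are constructed for illustration.

```python
import re

_NUMERIC = re.compile(r"^\d+(\.\d+)*$")

def parse_version(text):
    """Return a tuple of ints for a purely numeric dotted version, else None."""
    text = text.strip()
    if not _NUMERIC.match(text):
        return None  # qualifiers such as "-dev" are not ordered here
    return tuple(int(part) for part in text.split("."))

def triage(installed, fixed_in):
    """Classify a finding whose advisory says 'fixed in <fixed_in>'."""
    have, fix = parse_version(installed), parse_version(fixed_in)
    if have is None or fix is None:
        return "manual-review"  # fail closed instead of guessing an order
    width = max(len(have), len(fix))
    have += (0,) * (width - len(have))  # treat 8.5 as 8.5.0
    fix += (0,) * (width - len(fix))
    return "affected" if have < fix else "not-affected"

def lexical_triage(installed, fixed_in):
    """Plain string comparison, shown only for contrast."""
    return "affected" if installed < fixed_in else "not-affected"

# Constructed findings: (installed version, fixed-in version from the advisory)
FINDINGS = [
    ("8.5.90", "8.5.9"),      # the pair from the post: newer under both comparisons
    ("8.5.10", "8.5.9"),      # double-digit patch level: string comparison misfires
    ("8.5.8", "8.5.9"),       # genuinely older than the fix
    ("8.5.90-dev", "8.5.9"),  # qualifier present: needs a human
]

def report(findings=FINDINGS):
    """Return (installed, fixed_in, numeric verdict, lexical verdict) rows."""
    return [(i, f, triage(i, f), lexical_triage(i, f)) for i, f in findings]

if __name__ == "__main__":
    for row in report():
        print("{:<12} fixed in {:<6} numeric={:<14} lexical={}".format(*row))
```

A row where the two verdicts disagree, or where the numeric verdict is "not-affected" while the scanner still reports the finding, is worth attaching to a feedback report together with the advisory link.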