DockerScout highlighting issues that don't exist in JDK?

Hi,

I’m finding the issues highlighted by DockerScout to be inaccurate in some scenarios.

For example, docker scout is saying that tomcat 8.5.90 has this issue:

https://dso.docker.com/cve/CVE-2016-8745?_gl=1*15a07co*_ga*MTMxNTc2NTkzNi4xNjg1OTA1NjQ2*_ga_XJWPQMJYHQ*MTY4NzI2NTY0NC4xNi4xLjE2ODcyNjU3NDcuMTcuMC4w

But when you follow the link, you find that the issue was fixed in Tomcat 8.5.9.

I suspect that DockerScout has issues with reading version numbers that go into the double digits?

Or am I missing something here?

Paul

Your assumption could be right, unless somehow the same vulnerability came back. You could try to report the issue on hub-feedback.
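A way to check the version ordering in question when triaging a finding like this one, added here as an example that is not part of the original thread and does not represent Docker Scout's actual matching logic. It compares dotted versions component by component as integers, sets that against a plain string comparison, and goes slightly beyond the thread's single pair by running both over a few constructed version strings. The function names and the sample list are assumptions made for the example.

```python
import re

def parse_version(text):
    """Turn a dotted numeric version such as '8.5.90' into a tuple of ints."""
    parts = text.strip().split(".")
    if not all(re.fullmatch(r"[0-9]+", p) for p in parts):
        # Qualifiers (milestone, RC, etc.) need ecosystem-specific ordering rules.
        raise ValueError(f"not a purely numeric dotted version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older_numeric(installed, fixed_in):
    """True when `installed` sorts before `fixed_in`, comparing integers."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    # Pad with zeros so that '8.5' and '8.5.0' compare as equal.
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b

def is_older_string(installed, fixed_in):
    """Character-by-character comparison, which mis-orders some versions."""
    return installed < fixed_in

def disagreements(versions, fixed_in):
    """Versions on which the string comparison and the numeric one differ."""
    return [v for v in versions
            if is_older_numeric(v, fixed_in) != is_older_string(v, fixed_in)]

# Constructed sample input; only 8.5.90 and 8.5.9 come from the thread.
SAMPLE_VERSIONS = ["8.5.8", "8.5.9", "8.5.10", "8.5.90", "8.5.100"]
FIXED_IN = "8.5.9"

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        print(f"{v:8} numeric_older={is_older_numeric(v, FIXED_IN)!s:5} "
              f"string_older={is_older_string(v, FIXED_IN)}")
    print("comparisons disagree on:", disagreements(SAMPLE_VERSIONS, FIXED_IN))
```

Attaching the numeric result for the installed version and the advisory's fixed version to a false-positive report gives the maintainers a concrete pair to test their matcher against.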