rust-crate false-positive: CVE-2019-3826 #902
Labels
bug
Something isn't working
changelog-ignore
Don't include this issue in the release changelog
ecosystem:rust
relating to the rust ecosystem
false-positive:cpe
This issue is a report of a false positive cause by CPE matching
false-positive
What happened:
False-positive for the following rust-crate:
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
prometheus 0.13.1 2.7.1 rust-crate CVE-2019-3826 Medium
What you expected to happen:
0.13.1 is the latest version of that crate. See https://crates.io/crates/prometheus
grype seems to mix up the version of Prometheus with the version of the crate.
Environment:
The text was updated successfully, but these errors were encountered: