CNNVD-202511-2710 Information

CNNVD ID

CNNVD-202511-2710

Related CVE

CVE-2025-65965

• CNNVD Published: 2025-11-25

Description (Chinese)

grype是Anchore开源的一个漏洞扫描程序。 grype 0.68.0版本至0.104.0版本存在安全漏洞，该漏洞源于输出文件中包含未清理的注册表凭据，可能导致凭据泄露。

Description (English)

grype is a leak scanning program for the Anchore open source. There is a security loophole in the grype 0.68.0 to 0.104.0, which stems from the fact that the output document contains an uncleaned certificate of registration, which could lead to a leak.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Anchore

Published

2025-11-25

Last Modified

2026-02-24

References

https://github.com/anchore/grype/commit/39f7fa17af2739cafe9b27176d4a68f7c05f21c1 https://github.com/anchore/grype/pull/3068 https://github.com/anchore/grype/security/advisories/GHSA-6gxw-85q2-q646 https://access.redhat.com/security/cve/cve-2025-65965

Patch

https://github.com/anchore/grype/releases