Hi,
Executing docker scout cves traefik:v3.7.1 --only-vuln-packages reports github.com/docker/cli@29.4.0+incompatible as affected by CVE-2025-15558 (GHSA-p436-gjf2-799p) with an unbounded affected range and no fixed version.
The upstream GitHub advisory gates this CVE to < v29.2.0 and marks it fixed in v29.2.0, so v29.4.0 is past the fix and should not match.
The scout CVE-2025-1558 details page is reporting the same information.
I'm not sure if this is the right place to report this issue, but what would be the best way to fix it?
Hi,
Executing
docker scout cves traefik:v3.7.1 --only-vuln-packagesreportsgithub.com/docker/cli@29.4.0+incompatibleas affected by CVE-2025-15558 (GHSA-p436-gjf2-799p) with an unbounded affected range and no fixed version.The upstream GitHub advisory gates this CVE to
< v29.2.0and marks it fixed in v29.2.0, sov29.4.0is past the fix and should not match.The scout CVE-2025-1558 details page is reporting the same information.
I'm not sure if this is the right place to report this issue, but what would be the best way to fix it?