4.7
CVSS CVSS_V3
Status
Justification
Impact
This vulnerability was fixed in podman version v5.2.4, however, grype is still reporting this vulnerability when scanning the v5.2.4 package. For evidence of the fix, please see the advisory, which lists v5.2.4 as the fixed version: https://github.com/advisories/GHSA-fhqq-8f65-5xfc. Additionally, see the podman release notes, which list v5.2.4 as the fixed version of for this CVE. The code diff also shows buildah being bumped to v1.37.4: https://github.com/containers/podman/releases/tag/v5.2.4.
Status