I am using trivy to scan docker images in #harbor . For some CVE it shows Current Version and Fixed in Version and some it doesn't shows. So I would like to know what may be the reason? Does that means it's not able to detect in which specific version that CVE has been fixed? In that case updating to latest version is recommended or it's some kind of bug in Harbor
For CVE-2022-41903 I checked Git latest version is 2.41.0 but this CVE-2022-41903 is fixed in git version 2.40. my git current version 1:2.30.2-1 fix version not mentioned in #harbor So in this case what is recommended upgrade to 2.40 or go for latest
