fix(redhat): always use vulns with fixed version if there is one (#2165)

Co-authored-by: knqyf263 <knqyf263@gmail.com>
2025-12-05 20:40:16 -08:00 · 2022-05-26 14:24:31 +06:00
parent 4ceae2a052
commit 1e1ccbec52
1 changed files with 5 additions and 1 deletions
--- a/pkg/detector/ospkg/redhat/redhat.go
+++ b/pkg/detector/ospkg/redhat/redhat.go
@@ -159,7 +159,11 @@ func (s *Scanner) detect(osVer string, pkg ftypes.Package) ([]types.DetectedVuln

 		// unpatched vulnerabilities
 		if adv.FixedVersion == "" {
-			uniqVulns[vulnID] = vuln
+			// Red Hat may contain several advisories for the same vulnerability (RHSA advisories).
+			// To avoid overwriting the fixed version by mistake, we should skip unpatched vulnerabilities if they were added earlier
+			if _, ok := uniqVulns[vulnID]; !ok {
+				uniqVulns[vulnID] = vuln
+			}
 			continue
 		}