CVEs seem incorrectly linked to snappy package
Our build pipeline uses Wiz to scan docker images for vulnerabilities. It is currently reporting that it detects critical vulnerabilities in the snappy
package. It cites https://security.alpinelinux.org/vuln/CVE-2023-28115 and https://security.alpinelinux.org/vuln/CVE-2023-41330 as the vulnerabilities. These CVEs refer to a different package KnpLabs/snappy
that also has snappy in it's name. So far as I can tell it is unrelated to the snappy package in Alpine, but the Alpine security tracker seems to be incorrectly linking the CVEs. I think this is leading to a false positive in Wiz. Could you review these vulnerabilities?