When uploading the latest YaraHunter image to Google Cloud Artifact Registry, the container scanning feature reports many critical and high value CVEs.
I would like to know if it would be possible to upgrade Go and any other dependencies that contain critical or high scoring CVEs.
Table of fixable high/critical Go CVEs:

| Name | Effective severity | VEX status | Package | Package type |
| --- | --- | --- | --- | --- |
| CVE-2023-29405 | Critical | Unspecified | go | Go stdlib |
| CVE-2023-24540 | Critical | Unspecified | go | Go stdlib |
| CVE-2023-24538 | Critical | Unspecified | go | Go stdlib |
| CVE-2023-29402 | Critical | Unspecified | go | Go stdlib |
| CVE-2023-39320 | Critical | Unspecified | go | Go stdlib |
| CVE-2022-23806 | Critical | Unspecified | go | Go stdlib |
| CVE-2023-29404 | Critical | Unspecified | go | Go stdlib |
| CVE-2021-38297 | Critical | Unspecified | go | Go stdlib |
| CVE-2022-24675 | High | Unspecified | go | Go stdlib |
| CVE-2022-41723 | High | Unspecified | go | Go stdlib |
| CVE-2022-30633 | High | Unspecified | go | Go stdlib |
| CVE-2021-39293 | High | Unspecified | go | Go stdlib |
| CVE-2022-2880 | High | Unspecified | go | Go stdlib |
| CVE-2022-41715 | High | Unspecified | go | Go stdlib |
| CVE-2022-24921 | High | Unspecified | go | Go stdlib |
| CVE-2022-30580 | High | Unspecified | go | Go stdlib |
| CVE-2022-30632 | High | Unspecified | go | Go stdlib |
| CVE-2023-24534 | High | Unspecified | go | Go stdlib |
| CVE-2022-41724 | High | Unspecified | go | Go stdlib |
| CVE-2021-33198 | High | Unspecified | go | Go stdlib |
| CVE-2021-33195 | High | Unspecified | go | Go stdlib |
| CVE-2023-24536 | High | Unspecified | go | Go stdlib |
| CVE-2023-29400 | High | Unspecified | go | Go stdlib |
| CVE-2022-23773 | High | Unspecified | go | Go stdlib |
| CVE-2023-39322 | High | Unspecified | go | Go stdlib |
| CVE-2022-30635 | High | Unspecified | go | Go stdlib |
| CVE-2021-41771 | High | Unspecified | go | Go stdlib |
| CVE-2021-33196 | High | Unspecified | go | Go stdlib |
| CVE-2022-30631 | High | Unspecified | go | Go stdlib |
| CVE-2023-29403 | High | Unspecified | go | Go stdlib |
| CVE-2022-32189 | High | Unspecified | go | Go stdlib |
| CVE-2021-41772 | High | Unspecified | go | Go stdlib |
| CVE-2023-24537 | High | Unspecified | go | Go stdlib |
| CVE-2022-41725 | High | Unspecified | go | Go stdlib |
| CVE-2023-39533 | High | Unspecified | go | Go stdlib |
| CVE-2022-28131 | High | Unspecified | go | Go stdlib |
| CVE-2022-30630 | High | Unspecified | go | Go stdlib |
| CVE-2022-28327 | High | Unspecified | go | Go stdlib |
| CVE-2023-24539 | High | Unspecified | go | Go stdlib |
| CVE-2023-39321 | High | Unspecified | go | Go stdlib |
| CVE-2022-27664 | High | Unspecified | go | Go stdlib |
| CVE-2022-23772 | High | Unspecified | go | Go stdlib |
| CVE-2022-2879 | High | Unspecified | go | Go stdlib |
| CVE-2021-29923 | High | Unspecified | go | Go stdlib |
| CVE-2021-44716 | High | Unspecified | go | Go stdlib |

Other fixable high severity CVEs:

| Name | Effective severity | CVSS | Fix available | VEX status | Package | Package type |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-30861 | High | 7.5 | Yes | Unspecified | flask | Python |
| CVE-2023-2253 | High | 6.5 | Yes | Unspecified | github.com/docker/distribution | Go |

Please advise on the possibilities of this? Updating it would prevent the need for building a custom image or forking the repo, which would be great to prevent, if possible.