docker-library / mongo

Docker Official Image packaging for MongoDB
https://www.mongodb.org/
Apache License 2.0

CVE-2023-29403 #659

Closed Sravani-K closed 9 months ago

Sravani-K commented 9 months ago

I am trying to provision the mongo:7.0.4 image in our corporate repository, where the security scanner has shown vulnerabilities with Go binaries. As these are from gosu, I have used the govulncheck tool with GOSU_VERSION 1.16.

It has reported a CVE, CVE-2023-29403. Can you please fix or provide justification if it is not an issue?

LaurentGoderre commented 9 months ago

@Sravani-K this is a false positive: https://github.com/tianon/gosu/blob/master/SECURITY.md#reporting-vulnerabilities

yosifkit commented 9 months ago

indeed: https://github.com/tianon/gosu/blob/2dada3bb5dfbc1e7162a29907691b6f45995d54e/govulncheck-with-excludes.sh#L9-L12 -> https://github.com/tianon/gosu/issues/128#issuecomment-1607803883
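As an added example (not code from this issue and not gosu's own govulncheck-with-excludes.sh), the following Python filter applies the same idea as the linked wrapper: read a `govulncheck -json` stream, look up each finding's OSV entry, and drop findings whose id or alias is on a triaged false-positive list. The sample stream and the `GO-0000-000x` ids are constructed for illustration; only CVE-2023-29403 comes from the thread.

```python
"""Filter a govulncheck -json stream against a list of triaged false positives."""
import json
import sys

# Assumption: triaged identifiers (OSV id or CVE alias) mapped to the reason.
EXCLUDES = {
    "CVE-2023-29403": "setuid/setgid runtime issue; not applicable to how gosu is run",
}


def parse_stream(text):
    """govulncheck -json emits concatenated JSON objects, not one object per line."""
    dec = json.JSONDecoder()
    pos, out = 0, []
    while pos < len(text):
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            break
        obj, pos = dec.raw_decode(text, pos)
        out.append(obj)
    return out


def triage(text, excludes=EXCLUDES):
    """Return (remaining_ids, excluded_ids) for the findings in a -json stream."""
    osv, findings = {}, []
    for msg in parse_stream(text):
        if "osv" in msg:  # vulnerability entry: carries the id and its aliases
            entry = msg["osv"]
            osv[entry["id"]] = set(entry.get("aliases", [])) | {entry["id"]}
        elif "finding" in msg:  # a reachable use of one OSV entry
            findings.append(msg["finding"]["osv"])
    remaining, excluded = set(), set()
    for fid in findings:
        names = osv.get(fid, {fid})
        (excluded if names & set(excludes) else remaining).add(fid)
    return sorted(remaining), sorted(excluded)


# Constructed sample of a govulncheck -json stream (ids are placeholders).
SAMPLE = """
{"config": {"protocol_version": "v1.0.0"}}
{"osv": {"id": "GO-0000-0001", "aliases": ["CVE-2023-29403"], "summary": "constructed"}}
{"osv": {"id": "GO-0000-0002", "aliases": ["CVE-0000-0002"], "summary": "constructed"}}
{"finding": {"osv": "GO-0000-0001", "trace": [{"module": "stdlib"}]}}
{"finding": {"osv": "GO-0000-0002", "trace": [{"module": "example.com/dep"}]}}
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    remaining, excluded = triage(text)
    for fid in excluded:
        print(f"excluded (triaged false positive): {fid}")
    for fid in remaining:
        print(f"UNRESOLVED: {fid}")
    sys.exit(1 if remaining else 0)
```

Pipe real output in with `govulncheck -json ./... | python3 filter.py`; the exit status stays non-zero for anything not on the triaged list, so the exclusion list doubles as the written justification a scanner review asks for.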

Sravani-K commented 9 months ago

@yosifkit missed the wrapper script. Thank you for the response.