docker-library / php

Docker Official Image packaging for PHP
https://php.net
MIT License

NULL Pointer Dereference in libxml2 in php-8.1-fpm #1429

Closed williamatpaper closed 7 months ago

williamatpaper commented 11 months ago

https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBXML2-5747748

This is a high severity vulnerability that can lead to a Denial of Service (DoS) attack. (Note: this only applies when lxml is used together with libxml2 2.9.10 through 2.9.14.) This is introduced through the use of libxml2@2.9.14+dfsg-1.2 and is fixed in libxml2@2.9.14+dfsg-1.3~deb12u1.

tianon commented 7 months ago

This image has been rebuilt several times since this was opened, so if there's a fix for this available, it should long since be in the images.

https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves might be useful for future reference.