Yes, it was found in multiple security scans over time.
Given the capability you are leveraging, describe your expectation?
Will updating the below docker images update the versions of busybox, openssl, nats-server, and protobuf versions to the latest versions that don't contain the vulnerabilities shown in the next section?
nats: update to 2.10.14-alpine
natsio/nats-server-config-reloader: update to 0.11.0
natsio/prometheus-nats-exporter: update to 0.14.2
Given the expectation, what is the defect you are observing?
What version were you using?
busybox: 1.36.1-r0 openssl: 1.36.1-r0 nats-server: 2.9.19 nkeys: 0.4.4 protobuf: 1.30.0
What environment was the server running in?
nats: 2.10.11-alpine natsio/nats-server-config-reloader: 0.11.0 natsio/prometheus-nats-exporter: 0.12.0
Is this defect reproducible?
Yes, it was found in multiple security scans over time.
Given the capability you are leveraging, describe your expectation?
Will updating the below docker images update the versions of busybox, openssl, nats-server, and protobuf versions to the latest versions that don't contain the vulnerabilities shown in the next section?
nats: update to 2.10.14-alpine natsio/nats-server-config-reloader: update to 0.11.0 natsio/prometheus-nats-exporter: update to 0.14.2
Given the expectation, what is the defect you are observing?
Critical: CVE-2022-48174
High: CVE-47090 CVE-2023-5363 CVE-2023-6237 CVE-2024-2511 CVE-2023-46129 CVE-2024-24786