Closed SanjayVas closed 1 month ago
Not yet fixed in upstream Debian Bookworm. See https://security-tracker.debian.org/tracker/CVE-2024-45491
Looks like bookworm (security) has the fixed version now, which means it should be picked up by upstream distroless soon.
Appears to be fixed in latest gcr.io/distroless/java17-debian12:nonroot (sha256:2db4acff2603088acaf67dac414462c9fcc3e2cc3ff9a642d5af9c7cff2b5fe9)
CVE-2024-45491
Tracking issue for: