Need help regarding vulnerable dependencies installed in the Mongo docker images

There are a few libraries, i.e. stdlib 1.18.2 and runc 1.1.0, which have Critical and High vulnerabilities.
Currently we are using Mongo 5.0 and are considering upgrading to 6.0 or 7.0. However, both of these images have the same dependency versions installed. That means the vulnerabilities are still there in the latest patch version.

I would like to know the timeline for when we are going to address these vulnerabilities in the latest patch versions.
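The check behind the observation above (the same dependency versions in the 5.0 and 7.0 images, so the same findings) is easiest to automate by diffing scanner output across tags rather than reading reports by eye. The script below is an added example and is not code from the forum thread, from MongoDB or from the docker-library/mongo project. It parses reports in the shape of Trivy's JSON output (`Results[].Vulnerabilities[]` with `VulnerabilityID`, `PkgName`, `InstalledVersion`, `FixedVersion`, `Severity`); the three embedded reports are constructed sample data that mirror the CVEs named in the thread, the fixed-version strings are illustrative and should be taken from a real scan, and the "rebuilt" report is a hypothetical image in which the flagged binary no longer carries those findings.

```python
"""Diff container-image vulnerability findings across tags.

Added example, not part of the forum thread or of docker-library/mongo.
All reports below are CONSTRUCTED to resemble Trivy JSON; they are not real
scans, and the FixedVersion strings are illustrative.
"""
import json
from collections import namedtuple

Finding = namedtuple("Finding", "target pkg installed cve severity fixed")

# Severity ordering used by the gate; matches Trivy's severity labels.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _report(target, findings):
    """Build one Trivy-style report dict from (pkg, version, cve, severity, fixed) rows."""
    return {"Results": [{
        "Target": target, "Class": "lang-pkgs", "Type": "gobinary",
        "Vulnerabilities": [
            {"VulnerabilityID": cve, "PkgName": pkg, "InstalledVersion": ver,
             "FixedVersion": fixed, "Severity": sev}
            for pkg, ver, cve, sev, fixed in findings],
    }]}


# Constructed sample: the Go binary in the image reports the toolchain (stdlib)
# and the vendored runc module, which is where these CVEs are attributed.
GOSU_FINDINGS = [
    ("stdlib", "1.18.2", "CVE-2023-24538", "CRITICAL", "1.19.8, 1.20.3"),
    ("stdlib", "1.18.2", "CVE-2023-24540", "CRITICAL", "1.19.9, 1.20.4"),
    ("runc", "1.1.0", "CVE-2024-21626", "HIGH", "1.1.12"),
    ("runc", "1.1.0", "CVE-2023-27561", "HIGH", "1.1.5"),
]
MONGO_50_REPORT = json.dumps(_report("usr/local/bin/gosu", GOSU_FINDINGS))
MONGO_70_REPORT = json.dumps(_report("usr/local/bin/gosu", GOSU_FINDINGS))
# Hypothetical rebuilt image whose gosu binary no longer carries the findings.
REBUILT_REPORT = json.dumps(_report("usr/local/bin/gosu", []))


def parse_findings(report_json):
    """Flatten a Trivy-style JSON report into a set of Finding tuples."""
    data = json.loads(report_json)
    out = set()
    for result in data.get("Results", []):
        # Trivy emits null rather than [] when a target has no findings.
        for v in result.get("Vulnerabilities") or []:
            out.add(Finding(result["Target"], v["PkgName"], v["InstalledVersion"],
                            v["VulnerabilityID"], v["Severity"], v.get("FixedVersion", "")))
    return out


def _key(f):
    return (f.target, f.pkg, f.cve)


def compare(old_json, new_json):
    """Classify findings as resolved, persisting or introduced between two scans."""
    old = {_key(f) for f in parse_findings(old_json)}
    new = {_key(f) for f in parse_findings(new_json)}
    return {
        "resolved": sorted(old - new),
        "persisting": sorted(old & new),
        "introduced": sorted(new - old),
    }


def same_dependency_versions(a_json, b_json):
    """True when both scans show identical (target, package, installed version) triples."""
    versions = lambda j: {(f.target, f.pkg, f.installed) for f in parse_findings(j)}
    return versions(a_json) == versions(b_json)


def gate(report_json, max_allowed="MEDIUM"):
    """Return findings above the allowed severity; an empty list means the image passes."""
    limit = SEVERITY_RANK[max_allowed]
    return sorted(f for f in parse_findings(report_json)
                  if SEVERITY_RANK.get(f.severity, 0) > limit)


if __name__ == "__main__":
    print("5.0 -> 7.0:", json.dumps(compare(MONGO_50_REPORT, MONGO_70_REPORT), indent=1))
    print("same versions:", same_dependency_versions(MONGO_50_REPORT, MONGO_70_REPORT))
    print("7.0 -> rebuilt:", json.dumps(compare(MONGO_70_REPORT, REBUILT_REPORT), indent=1))
    for f in gate(MONGO_70_REPORT):
        print(f"BLOCK {f.cve} {f.pkg}@{f.installed} ({f.severity}, fixed in {f.fixed})")
```

With real input, feed `trivy image -f json mongo:5.0` and `trivy image -f json mongo:7.0` (or any scanner whose output you map to the same fields) into `compare`; a non-empty `persisting` list together with `same_dependency_versions` returning True is exactly the "upgrading the tag changed nothing" situation, and `gate` is the piece to wire into CI so a rebuilt image is admitted only once the High and Critical findings are gone.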

Hi MongoDB team, I would like to ask the same question too; this CVE appears on all your official images, even in MongoDB 7.0.


Hi MongoDB team, I upgraded your gosu from 1.16 to 1.17 during the container rebuild from your official docker image. Will it break any functionality if I upgrade your gosu?

Added some commands from here.

@Haryanto_Wei_Yang_Luo

The "official docker image" https://hub.docker.com/_/mongo is an image maintained by the Docker community.

Per the image page, file an issue on the project GitHub:

Hi @chris, thanks.
I created: Need help with CVE-2023-24538, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 · Issue #671 · docker-library/mongo · GitHub
