I have a question about security vulnerabilities (cves) with mongodb container images.
We are seeing cves (file attached) with some components of mongodb that are packaged into container image. Just want to check with the community and get some inputs on how evey one else is remediating these vulnerabilities. Our scanning tool is a combination of generating SBOM and then running it via OWasp Dependency-Track.
|openssl| 1.1.1f-1ubuntu2.16| NVD CVE-2021-3711| Critical|
|gopkg.in/yaml.v2| v2.4.0| NVD CVE-2022-28948| High|
|gnupg| 2.2.19-3ubuntu2.2| NVD CVE-2022-34903|Medium|
|apt| 2.0.9| NVD CVE-2020-3810|Medium|
|procps| 2:3.3.16-1ubuntu2.3|NVD CVE-2018-1121|Medium|
|passwd| 1:4.8.1-1ubuntu5.20.04.2|NVD CVE-2009-2360|Medium|