Questions about MongoDB container image CVEs


I have a question about security vulnerabilities (CVEs) with MongoDB container images.

We are seeing CVEs (file attached) with some components of MongoDB that are packaged into the container image. Just want to check with the community and get some input on how everyone else is remediating these vulnerabilities. Our scanning tool is a combination of generating an SBOM and then running it via OWASP Dependency-Track.

| Component | Version | Vulnerability | Severity |
|---|---|---|---|
| openssl | 1.1.1f-1ubuntu2.16 | NVD CVE-2021-3711 | Critical |
| | v2.4.0 | NVD CVE-2022-28948 | High |
| | v0.3.7 | NVD CVE-2022-32149 | High |
| tar | 1.30+dfsg-7ubuntu0.20.04.2 | NVD CVE-2019-9923 | High |
| gnupg | 2.2.19-3ubuntu2.2 | NVD CVE-2022-34903 | Medium |
| apt | 2.0.9 | NVD CVE-2020-3810 | Medium |
| procps | 2:3.3.16-1ubuntu2.3 | NVD CVE-2018-1121 | Medium |
| passwd | 1:4.8.1-1ubuntu5.20.04.2 | NVD CVE-2009-2360 | Medium |

The Docker community is the party responsible for the mongodb containers.

I see you have already raised an issue there.

