CVE-2023-29403
Sravani-K opened this issue · 3 comments
Sravani-K commented
I am trying to provision mongo:7.0.4 image in our corporate repository where security scanner has shown vulnerabilities with go binaries. As these are from gosu, I have used govulncheck tool with GOSU_VERSION 1.16.
It has reported a CVE, CVE-2023-29403. Can you please fix or provide justification if it is not an issue?
LaurentGoderre commented
@Sravani-K this is a false positive: https://github.com/tianon/gosu/blob/master/SECURITY.md#reporting-vulnerabilities
yosifkit commented