Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561

Question

Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561

shuukphil opened this issue 5 months ago · 4 comments

I can see these CVE issues across all version of MongoDB, are these false positive or it fixable?
I tried upgraded your gosu from 1.16 to 1.17 during the container re-build from your official docker image, When I run it the CVE are gone and my application still functions, just have doubt and wanted to ask MongoDB team will it break some functionalities if i upgraded your gosu?
Thanks

Answer 1 · 2024-02-05T18:58:37.000Z

Updating to the newer gosu would be great! 😄

Answer 2 · 2024-02-05T18:59:07.000Z

Ah, #672 😄

Answer 3 · 2024-02-08T04:34:31.000Z

@tianon Will this be applied on docker hub official Images ?

Answer 4 · 2024-02-08T17:08:45.000Z

https://github.com/docker-library/mongo/tree/12fc21f8786d0ec14c01ce40a1487d893ef512b9#see-a-change-merged-here-that-doesnt-show-up-on-docker-hub-yet

It already has been: docker-library/official-images#16205