Update packages containing critical vulnerabilities
lkkuma opened this issue · comments
While working on building Docker images, Docker Scout reported the following packages with resolvable vulnerabilities:
GoLang stdlib (>= 1.20.10)
CVE-2023-44487
CVE-2023-39325
CVE-2023-39319
CVE-2023-39318
CVE-2023-29409
golang.org/x/net (>= 0.17.0)
CVE-2023-44487
CVE-2023-39325
CVE-2023-3978
google.golang.org/grpc (>= 1.56.3)
GHSA-m425-mq94-257g
CVE-2023-44487
github.com/cloudflare/circl (>= 1.3.3)
CVE-2023-1732
Please review and update these packages.
EDIT:
The command I use is this
curl -L --output cloudflared.deb https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb && dpkg -i cloudflared.deb
running on Ubuntu 23.10