Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 #671

shuukphil · 2024-02-05T02:23:44Z

I can see these CVE issues across all version of MongoDB, are these false positive or it fixable?
I tried upgraded your gosu from 1.16 to 1.17 during the container re-build from your official docker image, When I run it the CVE are gone and my application still functions, just have doubt and wanted to ask MongoDB team will it break some functionalities if i upgraded your gosu?
Thanks

tianon · 2024-02-05T18:58:37Z

Updating to the newer gosu would be great! 😄

tianon · 2024-02-05T18:59:07Z

Ah, #672 😄

alvintayzhenwei · 2024-02-08T04:34:31Z

@tianon Will this be applied on docker hub official Images ?

yosifkit · 2024-02-08T17:08:45Z

https://github.com/docker-library/mongo/tree/12fc21f8786d0ec14c01ce40a1487d893ef512b9#see-a-change-merged-here-that-doesnt-show-up-on-docker-hub-yet

It already has been: docker-library/official-images#16205

tianon mentioned this issue Feb 5, 2024

Update gosu to v1.17 #672

Merged

tianon closed this as completed in #672 Feb 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 #671

Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 #671

shuukphil commented Feb 5, 2024

tianon commented Feb 5, 2024

tianon commented Feb 5, 2024

alvintayzhenwei commented Feb 8, 2024

yosifkit commented Feb 8, 2024

Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 #671

Need help with CVE-2023-24538⁠, CVE-2023-24540, CVE-2024-21626 and CVE-2023-27561 #671

Comments

shuukphil commented Feb 5, 2024

tianon commented Feb 5, 2024

tianon commented Feb 5, 2024

alvintayzhenwei commented Feb 8, 2024

yosifkit commented Feb 8, 2024