Package: git-lfs Version: 2.13.2-1+b5 After I install git-lfs the docker image is seen as having the following cve's:
CVE-2022-23806 CVE-2021-38297 CVE-2022-27664 CVE-2022-30631 CVE-2022-32189 CVE-2022-30632 CVE-2022-30635 CVE-2022-28131 CVE-2022-30630 CVE-2022-30633 CVE-2022-23773 CVE-2022-24921 CVE-2022-24675 CVE-2022-28327 CVE-2022-30580 CVE-2021-41772 CVE-2021-41771 CVE-2021-44716 CVE-2021-39293 CVE-2022-23772 CVE-2021-33194 CVE-2021-33195 CVE-2021-33196 CVE-2021-33198 CVE-2021-29923 Seen from the version of go used to build git-lfs, "name": "go", "version": "1.15.9", "path": "/usr/bin/git-lfs", "layerTime": 0, "knownVulnerabilities": 72 Example Dockerfile used for testing FROM debian:stable-slim RUN apt-get update && apt-get upgrade -y && apt-get install -y git-lfs I suggest that the version of go used to build git-lfs is updated to a current version. Thank you, Jesse Bower
