Closed
Labels
kind/bug: Categorizes issue or PR as related to a bug.
Description
Bug Report
What did you do?
Ran aquascan against quay.io/operator-framework/olm:v0.28.0 and it flagged the image as being vulnerable to a critical CVE, CVE-2024-41110. Can the image please be updated to remediate this CVE?
| cve | sev | epss | package | type | version | fixedIn | arch | path |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41110 | critical (aqua) | 0.045% | github.com/docker/docker | go (aqua) | 25.0.5+incompatible (aqua) | 27.1.1 (aqua) | amd64 | /bin/olm:/bin/cpb:/bin/catalog (aqua) |
What did you expect to see?
Critical CVEs should be remediated.
What did you see instead? Under which circumstances?
Critical CVE was flagged by Aquascan.
Environment
- operator-lifecycle-manager version:
v0.28.0 / quay.io/operator-framework/olm@sha256:40d0363f4aa684319cd721c2fcf3321785380fdc74de8ef821317cd25a10782a
- Kubernetes version information:
N/A