Vulnerability found in logstash-oss:8.13.2 #16113

Open
Skyapip opened this issue Apr 29, 2024 · 2 comments

Skyapip commented Apr 29, 2024

On scanning the logstash-oss:8.13.2 Docker image, I found the vulnerabilities below in it.

| Type | Severity | CVSS | CVE | Package Name | Package Version | Fix Status |
|---|---|---|---|---|---|---|
| Jar | Critical | 9.8 | CVE-2022-46337 | derby | 10.15.2.1 | fixed in: 10.17.1.0 |
| Jar | High | 7.1 | CVE-2023-2976 | com.google.guava_guava | 25.1-android | fixed in: 32.0.0 |
| Product | Medium | 5.5 | CVE-2022-45146 | java | 17.0.10 | fixed in: 1.0.2.4 |
| Jar | Moderate | 5.3 | CVE-2024-29025 | io.netty_netty-codec-http | 4.1.100.Final | fixed in: 4.1.108.Final |
| Jar | Medium | 4.7 | CVE-2023-35116 | com.fasterxml.jackson.core_jackson-databind | 2.15.2 | fixed in: 2.16.0 |
| Jar | Medium | 4.7 | CVE-2023-35116 | com.fasterxml.jackson.core_jackson-databind | 2.15.3 | fixed in: 2.16.0 |
| Package | Medium | 0 | CVE-2024-28834 | gnutls28 | 3.6.13-2ubuntu1.10 | fixed in: 3.6.13-2ubuntu1.11 |
| Jar | Low | 3.7 | CVE-2020-9488 | org.apache.logging.log4j_log4j | 1.2-api-2 | fixed in: 2.3.2, 2.12.3, 2.13.2 |
| Jar | Low | 3.3 | CVE-2020-8908 | com.google.guava_guava | 25.1-android | fixed in: 32.0.0 |

jsvd (Member) commented Apr 29, 2024

Thank you for your report.

Elastic's security reporting guidelines are available at https://www.elastic.co/community/security. Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to security@elastic.co

We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.

jsvd (Member) commented Apr 29, 2024

Can you share the security scanner being used? Thank you.
