Vulnerability Scan Report for registry.suse.com/bci/golang:1.18-19.18

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.18-19.18

Last scanned on: May 21, 2025 11:42

Package Name	Severity	Status	Description	Reference links
git-core	HIGH	fixed	Security update for git Vulnerability ID: SUSE-SU-2024:1807-1 Installed Version: 2.35.3-150300.10.21.1 Fixed Version: 2.35.3-150300.10.39.1 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).	CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 SU-20241807-1 SUSE Bug#1224168 SUSE Bug#1224170 SUSE Bug#1224171 SUSE Bug#1224172 SUSE Bug#1224173 SUSE Mailing List [sle-updates] 2024-May#035389 SUSE Security Rating
git-core	HIGH	fixed	Security update for git Vulnerability ID: SUSE-SU-2024:2656-1 Installed Version: 2.35.3-150300.10.21.1 Fixed Version: 2.35.3-150300.10.42.1 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)	CVE-2024-24577 SU-20242656-1 SUSE Bug#1219660 SUSE Mailing List [sle-updates] 2024-July#036192 SUSE Security Rating
git-core	MEDIUM	fixed	Security update for git Vulnerability ID: SUSE-SU-2023:0430-1 Installed Version: 2.35.3-150300.10.21.1 Fixed Version: 2.35.3-150300.10.24.1 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028).	CVE-2023-22490 CVE-2023-23946 SU-20230430-1 SUSE Bug#1208027 SUSE Bug#1208028 SUSE Mailing List [sle-security-updates] 2023-February#013770 SUSE Security Rating
git-core	MEDIUM	fixed	Security update for git Vulnerability ID: SUSE-SU-2023:2038-1 Installed Version: 2.35.3-150300.10.21.1 Fixed Version: 2.35.3-150300.10.27.1 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686).	CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 SU-20232038-1 SUSE Bug#1210686 SUSE Mailing List [sle-updates] 2023-April#029003 SUSE Security Rating
git-core	MEDIUM	fixed	Security update for git Vulnerability ID: SUSE-SU-2025:0144-1 Installed Version: 2.35.3-150300.10.21.1 Fixed Version: 2.35.3-150300.10.48.1 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601).	CVE-2024-50349 CVE-2024-52006 SU-20250144-1 SUSE Bug#1235600 SUSE Bug#1235601 SUSE Mailing List [sle-security-updates] 2025-January#020145 SUSE Security Rating