Comment 0 for bug 2072883

Juraj Martinka (jumarko) wrote :

Previously reported here: https://github.com/docker-library/cassandra/issues/276#issuecomment-2222627720

Using the latest official ubuntu:noble (or ubuntu:24.10 and probably others) images from Docker Hub and installing gosu via `apt update && apt install gosu`.
If I create such an image, docker scout reports a few critical and high vulnerabilities.
----

# options must come before the image name, otherwise "-it" is passed to the container as its command
docker run -it ubuntu:noble /bin/bash

# inside the container
apt update && apt install gosu
gosu --version
1.17 (go1.21.3 on linux/arm64; gc)

# create a new image with installed gosu
docker commit <container_id> ubuntu-noble-security
docker scout cves --locations --only-severity "critical,high" ubuntu-noble-security
...
    ✗ Detected 1 vulnerable package with 3 vulnerabilities
## Packages and Vulnerabilities

   1C 2H 0M 0L stdlib 1.21.3
pkg:golang/stdlib@1.21.3

6: sha256:72d0bb40b06f68e2b1dbbd238d3aa6696de4df6793602d68417c2bac696c10ca
/usr/sbin/gosu (evident by)

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790
      Affected range : <1.21.11
      Fixed version : 1.21.11

    ✗ HIGH CVE-2024-24791
      https://scout.docker.com/v/CVE-2024-24791
      Affected range : <1.21.12
      Fixed version : 1.21.12

    ✗ HIGH CVE-2023-45283
      https://scout.docker.com/v/CVE-2023-45283
      Affected range : >=1.21.0-0
                     : <1.21.4
      Fixed version : 1.21.4
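As an added example (not part of the bug report or of the gosu project), a small Python check that extracts the Go toolchain version from `gosu --version` output and compares it with the three affected ranges docker scout lists above, so a CI job can fail an image whose gosu binary was built with a stdlib below the fixed versions. The advisory table is transcribed from the report above and only covers the Go 1.21 branch; the `check_installed_gosu` helper is a hypothetical convenience wrapper.

```python
import re
import subprocess
from typing import Optional, Tuple

# Affected ranges as reported by docker scout above for stdlib 1.21.x.
# Each entry is (min_inclusive, max_exclusive); None means unbounded.
# The ">=1.21.0-0" lower bound is a pre-release marker and is treated as 1.21.0.
ADVISORIES = {
    "CVE-2024-24790": {"severity": "CRITICAL", "affected": (None, "1.21.11")},
    "CVE-2024-24791": {"severity": "HIGH", "affected": (None, "1.21.12")},
    "CVE-2023-45283": {"severity": "HIGH", "affected": ("1.21.0", "1.21.4")},
}

# Matches the "go1.21.3" token in "1.17 (go1.21.3 on linux/arm64; gc)".
GO_VERSION_RE = re.compile(r"\bgo(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_go_version(version_output: str) -> Optional[Tuple[int, int, int]]:
    """Return the Go toolchain version embedded in gosu's --version line, or None."""
    m = GO_VERSION_RE.search(version_output)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def _vtuple(s: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in s.split("."))


def affecting_cves(go_version: Tuple[int, int, int]) -> list:
    """List the CVE ids from the report whose affected range contains go_version."""
    if go_version[:2] != (1, 21):
        # The ranges above were only transcribed for the 1.21 branch; other
        # minors have their own fixed versions and must not be judged by them.
        raise ValueError("advisory ranges only cover Go 1.21.x")
    hits = []
    for cve, adv in ADVISORIES.items():
        lo, hi = adv["affected"]
        if lo is not None and go_version < _vtuple(lo):
            continue
        if hi is not None and go_version >= _vtuple(hi):
            continue
        hits.append(cve)
    return hits


def check_installed_gosu(binary: str = "gosu") -> list:
    """Hypothetical helper: run `<binary> --version` and report matching CVEs."""
    out = subprocess.run([binary, "--version"], capture_output=True, text=True).stdout
    ver = parse_go_version(out)
    return affecting_cves(ver) if ver else []
```

Running `check_installed_gosu()` inside the image from the report returns all three CVE ids, because the binary was built with go1.21.3.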