Hi, I am installing nodejs on top of a Debian (bookworm-slim) image for some task. While the intended functionality works fine, the security scan (JFrog Xray) fails with a critical and a high issue. I see some fix in sid, but since it is in development mode (I believe), is there any way we could get a fix in the bookworm release, or is there any other suggestion?

CVE-2023-45853
JFrog Severity - High
Components - debian:bookworm:zlib1g:1:1.2.13.dfsg-1
Version - 1:1.2.13.dfsg-1
CVSS Score - 9.8 (v3)
Summary - A heap buffer overflow in zlib may lead to remote code execution when parsing a malicious archive.

==

CVE-2023-31484
JFrog Severity - High
Components - debian:bookworm:perl-base:5.36.0-7
Version - 5.36.0-7
CVSS Score - 8.1 (v3)
Summary - Missing TLS check in CPAN.pm allows man-in-the-middle attacks when downloading packages and may lead to code execution.

Thanks,
Thomas