Closed
Description
Expected behavior
I'm using mc in one of my Docker images. I'm scanning this image periodically with trivy.
There should be no security issues.
Actual behavior
usr/bin/mc (gobinary)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────┤
│ stdlib │ CVE-2025-22874 │ HIGH │ fixed │ v1.24.3 │ 1.24.4 │ crypto/x509: Usage of ExtKeyUsageAny disables policy │
│ │ │ │ │ │ │ validation in crypto/x509 │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22874 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────┘
Steps to reproduce the behavior
Scan any Docker image with mc using trivy.
mc --version
- (paste output of mc --version)
mc version RELEASE.2025-05-21T01-59-54Z (commit-id=f71ad84bcf0fd4369691952af5d925347837dcec)
Runtime: go1.24.3 linux/amd64
Copyright (c) 2015-2025 MinIO, Inc.
License GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
System information
Linux efa03c9d1874 6.6.71-0-virt #1-Alpine SMP PREEMPT_DYNAMIC 2025-01-10 14:56:02 x86_64 Linux