Hi,
We are using confluentinc/cp-schema-registry:7.2.0 for one of our projects.
While scanning the confluentinc/cp-schema-registry:7.2.0 with Aquasec Scanner, we are getting a few CVEs:
These CVE are associated with various Java based packages which have high vulnerabilities associated:
CVE-2022-2048 http2-server 9.4.44.v20210927
CVE-2021-22573 google-oauth-client 1.32.1
How are http2-server, google-oauth-client being used in cp-schema-registry.
Would it be possible to update the packages in cp-schema-registry to fixed versions?
Thanks and Regards
Brijesh