Description
Image: thanos:v0.39.2
Description:
Our security scans have identified vulnerabilities in the busybox, _github.com/go-viper/mapstructure/v2_ and stdlib packages included in the thanos container. Details are as follows:
```
CVE-2023-42363 | busybox | | medium | 5.5 | None | | | |
CVE-2023-42364 | busybox | | medium | 5.5 | None | | | |
CVE-2023-42366 | busybox | | medium | 5.5 | None | | | |
CVE-2023-42365 | busybox | | medium | 5.5 | None | | | |
CVE-2025-46394 | busybox | | low | 3.3 | None | | | |
GHSA-2464-8j7c-4cjm | github.com/go-viper/mapstructure/v2 | | medium | 5.3 | 2.4.0 | | | |
GHSA-fv92-fjc5-jj9h | github.com/go-viper/mapstructure/v2 | | medium | 5.3 | 2.3.0 | | | |
CVE-2025-22871 | stdlib | | critical | 9.1 | 1.23.8, 1.24.2 | | | |
CVE-2025-22874 | stdlib | | high | 7.5 | 1.24.4 | | | |
CVE-2025-47907 | stdlib | | high | 7 | 1.23.12, 1.24.6 | | | |
CVE-2025-4673 | stdlib | | medium | 6.8 | 1.23.10, 1.24.4 | | | |
CVE-2025-0913 | stdlib | | medium | 5.5 | 1.23.10, 1.24.4 | | | |
CVE-2025-47906 | stdlib | | medium | 6.5 | 1.23.12, 1.24.6 |
```
Would it be possible to address these vulnerabilities in the next release of the image?
Please let us know if an update is planned or if there’s a recommended workaround in the meantime.
Thank you for your support!
Detailed Aquasec scan results: