Microsoft Defender for Cloud reports CVE-2024-41110, CVE-2024-45337, and CVE-2023-45288 on container images where sqlcmd
is installed. The images are built from the following Dockerfile:
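# Reproduction image: Ubuntu 22.04 with sqlcmd installed from the
# packages.microsoft.com apt repository.
#
# NOTE(review): the scanner findings quoted on this page are categorised as
# "Language" (Go modules) with /usr/bin/sqlcmd as their evidence, i.e. they are
# attributed to module versions recorded in the sqlcmd binary itself. The
# `apt-get upgrade` below only refreshes Ubuntu packages and cannot change
# those versions; the findings should clear only once the sqlcmd package is
# built against the fixed module versions.
#
# For reproducible scans, pin the base image by digest as well as by tag.
FROM ubuntu:22.04

SHELL ["/bin/bash", "-c"]

# Build-time only. As an ARG it applies to every command in each RUN (the
# inline `VAR=value cmd && cmd` form covers only the first command) and is not
# carried into the runtime environment.
ARG DEBIAN_FRONTEND=noninteractive

# Base tooling. ca-certificates is listed explicitly so that TLS validation of
# the download below does not depend on a transitive dependency. The apt lists
# are removed in the same layer that created them.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y -qq --no-install-recommends \
        apt-transport-https \
        apt-utils \
        ca-certificates \
        curl \
        software-properties-common \
        wget \
    && rm -rf /var/lib/apt/lists/*

# Register the Microsoft apt repository and install sqlcmd in a single layer,
# so the downloaded .deb and the apt lists never persist in the image.
# `-f` makes curl fail on an HTTP error instead of saving the error page and
# passing it to dpkg.
# NOTE(review): the bootstrap .deb is trusted on HTTPS alone; no checksum is
# given on this page. If one is available, verify it before `dpkg -i`, e.g.
#   echo "<EXPECTED_SHA256>  /tmp/packages-microsoft-prod.deb" | sha256sum -c -
RUN curl -fsSL -o /tmp/packages-microsoft-prod.deb \
        https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb \
    && dpkg -i /tmp/packages-microsoft-prod.deb \
    && rm /tmp/packages-microsoft-prod.deb \
    && apt-get update \
    && apt-get install -y -qq --no-install-recommends sqlcmd \
    && rm -rf /var/lib/apt/lists/*

# sqlcmd is a client tool and needs no root privileges at runtime. A fixed
# numeric UID lets orchestrators verify the non-root requirement.
RUN useradd --create-home --uid 10001 --shell /usr/sbin/nologin appuser
USER 10001
WORKDIR /home/appuser

ENTRYPOINT ["sqlcmd"]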
The findings relate to these Go modules:
golang.org/x/crypto
github.com/docker/docker
The evidence field of each finding points to /usr/bin/sqlcmd:
"softwareDetails": {
"version": "24.0.6.0",
"language": "go",
"vendor": "github.com/docker/docker",
"fixedVersion": "25.0.6",
"packageName": "github.com/docker/docker",
"osDetails": {
"osPlatform": "linux",
"osVersion": "ubuntu_linux_22.04"
},
"fixStatus": "FixAvailable",
"category": "Language",
"evidence": [
"/usr/bin/sqlcmd"
]
},
"softwareDetails": {
"version": "0.14.0.0",
"language": "go",
"vendor": "golang.org/x/crypto",
"fixedVersion": "0.31.0",
"packageName": "golang.org/x/crypto",
"osDetails": {
"osPlatform": "linux",
"osVersion": "ubuntu_linux_22.04"
},
"fixStatus": "FixAvailable",
"category": "Language",
"evidence": [
"/usr/bin/sqlcmd"
]
},