Trivy scan result:
usr/bin/mc (gobinary)
=====================
Total: 1 (HIGH: 1, CRITICAL: 0)
┌──────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├──────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ github.com/golang-jwt/jwt/v4 │ CVE-2025-30204 │ HIGH │ fixed │ v4.5.1 │ 4.5.2 │ golang-jwt is a Go implementation of JSON Web Tokens. Prior │
│ │ │ │ │ │ │ to ... │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-30204 │
└──────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘
Steps to reproduce the behavior
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:ro aquasec/trivy:latest image --pkg-types os,library --exit-code 1 --severity HIGH,CRITICAL --timeout 10m --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db minio/mc:latest
mc --version
mcb6d8b0f7dc40:/$ mc --version
mc version RELEASE.2025-03-12T17-29-24Z (commit-id=c1d5d4cbb4caf05afef3ea06a91a56bd778336de)
Runtime: go1.24.1 linux/amd64
Copyright (c) 2015-2025 MinIO, Inc.
License GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
System information
Linux b6d8b0f7dc40 6.6.71-0-virt #1-Alpine SMP PREEMPT_DYNAMIC 2025-01-10 14:56:02 x86_64 Linux
Trivy scan result:
Steps to reproduce the behavior
mc --version
System information
Linux b6d8b0f7dc40 6.6.71-0-virt #1-Alpine SMP PREEMPT_DYNAMIC 2025-01-10 14:56:02 x86_64 Linux