Vulnerabilities in sj26/mailcatcher:v0.10.0 image

[metametadata]

Detected by Grype in Docker image sj26/mailcatcher:v0.10.0:

NAME           INSTALLED   FIXED-IN    TYPE  VULNERABILITY        SEVERITY
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium
libcrypto3     3.3.0-r2    3.3.1-r1    apk   CVE-2024-5535        Critical
libcrypto3     3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741        Unknown
libssl3        3.3.0-r2    3.3.1-r1    apk   CVE-2024-5535        Critical
libssl3        3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741        Unknown
rexml          3.2.6       3.3.6       gem   GHSA-vmwr-mc7x-5vc3  Medium
rexml          3.2.6       3.2.7       gem   GHSA-vg3r-rm7w-2xgh  Medium
rexml          3.2.6       3.3.3       gem   GHSA-r55c-59qm-vjw6  Medium
rexml          3.2.6       3.3.3       gem   GHSA-5866-49gr-22v4  Medium
rexml          3.2.6       3.3.2       gem   GHSA-4xqq-m2hx-25v8  Medium
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium

[metametadata]

New report:

NAME           INSTALLED   FIXED-IN    TYPE  VULNERABILITY        SEVERITY
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium    
busybox        1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium    
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium    
busybox-binsh  1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium    
libcrypto3     3.3.0-r2    3.3.1-r1    apk   CVE-2024-5535        Critical  
libcrypto3     3.3.0-r2    3.3.2-r0    apk   CVE-2024-6119        High      
libcrypto3     3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741        High      
libcrypto3     3.3.0-r2    3.3.2-r1    apk   CVE-2024-9143        Medium    
libcrypto3     3.3.0-r2                apk   CVE-2024-13176       Unknown   
libssl3        3.3.0-r2    3.3.1-r1    apk   CVE-2024-5535        Critical  
libssl3        3.3.0-r2    3.3.2-r0    apk   CVE-2024-6119        High      
libssl3        3.3.0-r2    3.3.0-r3    apk   CVE-2024-4741        High      
libssl3        3.3.0-r2    3.3.2-r1    apk   CVE-2024-9143        Medium    
libssl3        3.3.0-r2                apk   CVE-2024-13176       Unknown   
rexml          3.2.6       3.3.6       gem   GHSA-vmwr-mc7x-5vc3  High      
rexml          3.2.6       3.2.7       gem   GHSA-vg3r-rm7w-2xgh  Medium    
rexml          3.2.6       3.3.3       gem   GHSA-r55c-59qm-vjw6  Medium    
rexml          3.2.6       3.3.3       gem   GHSA-5866-49gr-22v4  Medium    
rexml          3.2.6       3.3.2       gem   GHSA-4xqq-m2hx-25v8  Medium    
rexml          3.2.6       3.3.9       gem   GHSA-2rxp-v6pw-ch6m  Medium    
sinatra        3.2.0       4.1.0       gem   GHSA-hxx2-7vcw-mqr3  Medium    
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42365       Medium    
ssl_client     1.36.1-r28  1.36.1-r29  apk   CVE-2023-42364       Medium

[spaquet]

Most of these are related to the Alpine Linux version being used.
For example I just publised an update of my docker image for mailcatcher, that I'm proudly maintain with a small footprint, but I already have in less than 24 hours 1 critical CVE that Alpine hasn't fixed yet.
Here is my link:
https://github.com/spaquet/docker-alpine-mailcatcher