Critical vulns in logstash docker: CVE-2022-46337, CVE-2021-26291

trivy reports in the logstash:8.11 docker image the following critical vulns:

  • CVE-2022-46337 in org.apache.derby:derby (derby-
  • CVE-2021-26291 in org.apache.maven:maven-compat (maven-compat-3.3.9.jar), org.apache.maven:maven-core (maven-core-3.3.9.jar)

These CVEs are not listed on the security issues page.

There's no acknowledgment of it or recommendations for remediation. Please advise.

You should enquire via email to They will not respond to a request here.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.