Elastic image 8.5.3 Vulnerabilities

We are downloading elastic images of docker hub. Elastic image is showing log4j vulnerabilities in 8.5.3 and 8.6 the images released in Dec 2022 and Jan2023. These vulnerabilities were addressed a year ago in dec 2021. Can you please confirm these are false positives. We use sysdig scanner
Severity

CriticalReported byNational Vulnerability Database

Package

org.apache.logging.log4j:log4j-slf4j-impl - 2.12.4JAVA

In Use

Package Path

/usr/share/elasticsearch/modules/apm/elastic-apm-agent-1.33.0.jar

Welcome to our community! :smiley:

As per Security issues | Elastic, please email security@elastic.co for questions regarding issues.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.