When I scanned the image quay.io/strimzi/kafka:0.32.0-kafka-3.3.1 using trivy, I got a vulnerability in this image.
opt/kafka/libs/snakeyaml-1.33.jar
=================================
Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 1)
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
| org.yaml:snakeyaml | CVE-2022-1471 | CRITICAL | 1.33 | | SnakeYaml: Constructor |
| | | | | | Deserialization |
| | | | | | Remote Code Execution |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-1471 |
+--------------------+------------------+----------+-------------------+---------------+--------------------------------------+
After pulling an image, what do I have to do to fix this issue?
I need an image with 0 vulnerabilities.
If you don't own the image then there's not much you can do. You'll have to open an issue to the owners to fix
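An added example, not part of the original posts: a small Python parser for the trivy table format shown in the question. It merges the wrapped TITLE rows into one finding and separates findings whose FIXED VERSION column is empty (the scanner lists no fixed release to upgrade to) from those that have one. The function names and the REFERENCE key are hypothetical; the sample input is the table from the question with the border lines shortened.

```python
# Constructed sample input: the trivy table rows from the question above
# (border lines shortened).
TRIVY_TABLE = """\
+--------------------+------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+--------------------+------------------+
| org.yaml:snakeyaml | CVE-2022-1471 | CRITICAL | 1.33 | | SnakeYaml: Constructor |
| | | | | | Deserialization |
| | | | | | Remote Code Execution |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-1471 |
+--------------------+------------------+
"""


def parse_trivy_table(text):
    """Return one dict per finding, merging rows that trivy wrapped."""
    header, findings = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip borders, totals and target headings
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first pipe-delimited row names the columns
            continue
        if len(cells) != len(header):
            continue  # malformed row, ignore rather than misalign columns
        row = dict(zip(header, cells))
        if row["LIBRARY"]:
            row["REFERENCE"] = ""  # hypothetical key for the "-->" link row
            findings.append(row)
        elif findings:
            extra = row["TITLE"]  # continuation rows only carry TITLE text
            if extra.startswith("-->"):
                findings[-1]["REFERENCE"] = extra[3:]
            elif extra:
                findings[-1]["TITLE"] += " " + extra
    return findings


def triage(findings):
    """Split findings into (has a fixed version, no fixed version listed)."""
    fixable = [f for f in findings if f["FIXED VERSION"]]
    no_fix = [f for f in findings if not f["FIXED VERSION"]]
    return fixable, no_fix


if __name__ == "__main__":
    fixable, no_fix = triage(parse_trivy_table(TRIVY_TABLE))
    for f in no_fix:
        print(f["VULNERABILITY ID"], f["LIBRARY"], f["INSTALLED VERSION"], "no fixed version listed")
```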