https://nvd.nist.gov/vuln/detail/CVE-2022-28391 reports a vulnerability in BusyBox.
The vulnerability is claimed to have been addressed in https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661.

updating alpine tags from 3.15 to 3.15.4 or 3.16 at https://github.com/distribution/distribution/blob/main/Dockerfile#L52 should address this issue.