Overview

We are using the inbucket/inbucket:3.1.0 base image in our application, but our security scan has reported a critical vulnerability.

Description

The image contains a version of the Go standard library (stdlib v1.24.5) that is affected by CVE-2025-47907, a high-severity vulnerability. The vulnerability is addressed in versions 1.23.12 and 1.24.6 of Go.

more info -
Image: inbucket/inbucket:3.1.0
Affected Go stdlib version: v1.24.5
Vulnerability ID: CVE-2025-47907
Severity: HIGH (CVSS 3.0 score: 7.0)
Fixed Versions: 1.23.12, 1.24.6
Status: Not fixed in image (FAILED)

Remediation

Please rebuild the image with Go version 1.24.6 or 1.23.12 (or later) to ensure the vulnerable standard library is not included.