From helpnetsecurity.com
Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.
The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of times collectively. This includes high-profile vulnerabilities with publicly known exploits.
Some of the hidden vulnerabilities are known to be actively exploited in the wild and are part of the CISA known exploited vulnerabilities catalog, including CVE-2021-42013, CVE-2021-41773, CVE-2019-17558.