Hi Darran
I managed to identify the tomcat-coyote. it was from a internal app which I now have excluded.
However I still encounter some vulnerabilities
io.netty:netty-codec 4.1.124.Final:/opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec/main/netty-codec-4.1.124.Final.jar
io.netty:netty-codec-http 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec-http 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-http/main/netty-codec-http-4.1.124.Final.jar
io.netty:netty-codec-dns 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-dns/main/netty-codec-dns-4.1.124.Final.jar
io.netty:netty-codec-http2 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-http2/main/netty-codec-http2-4.1.124.Final.jar
io.netty:netty-codec-socks 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec-socks 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-socks/main/netty-codec-socks-4.1.124.Final.jar
CVE-2025-58056, CVE-2025-58057, CVE-2025-58056, CVE-2025-58057
Suggested fix: 4.1.125.Final
What are the consequences if I remove these from my image?
Kind regards
Morten Hoffmann