Even if I use mercurial in my Docker image to get my app and not prepackage it (what I do), and I know this is about public images, how is this "high" vulnerability? I don't deny it's one I would just like to learn why it is classified high if e.g. I use Docker for my HAProxy.
Looking at the top vulnerability CVE-2014-9462 in mercurial.
It affects mercurial clients that access crafted repositories as far as I understand.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-94...
Even if I use mercurial in my Docker image to get my app and not prepackage it (what I do), and I know this is about public images, how is this "high" vulnerability? I don't deny it's one I would just like to learn why it is classified high if e.g. I use Docker for my HAProxy.