Opensearch v2.2.1 with vulns CVE-2022-24823 CVE-2022-36033 after a Trivy Scan

Today running a Trivy scan on the version 2.2.1 of Opensearch I found the following vulnerabilities CVE-2022-24823 CVE-2022-36033 on the jars “netty-codec-4.1.72.Final”, “netty-codec-http2-4.1.72.Final.jar”, “netty-handler-4.1.72.Final.jar”, “jsoup-1.14.3.jar”.

@kittone Please report it in OpenSearch security GitHub and share the link to the GitHub case here.


When I try to open a security issue on Github I receive this message

How should I procede?

Thank you