Clair / CLAIRDEV-112

Quay.io reports false positives for CVE-2024-48957 and CVE-2024-48958 in UBI images


    • Important

      CVE-2024-48957 and CVE-2024-48958 are showing up in the quay.io scanner in a container image that has ubi8-minimal, and the same using ubi9, but according to this ticket:
      https://issues.redhat.com/browse/RHEL-62026 these images should not be impacted (RHEL8 and RHEL9 are not using the version that contains the vulnerability).

      Surprisingly, the ubi9 and ubi8-minimal container images don't show any security issues in the Red Hat catalog, but when I build a container image just with a Dockerfile that only has FROM registry.access.redhat.com/ubi9:latest and push to quay, I am seeing these 2 CVEs reported. Same for ubi8-minimal (FROM registry.access.redhat.com/ubi8-minimal:latest)

              jcroslan@redhat.com Joseph Crosland
              jgil@redhat.com Jordi Gil