Clair / CLAIRDEV-82

quay.io inaccurately reports CVE-2023-44487 for designated images

Type: Bug
Resolution: Unresolved
Priority: Major
claircore-1.5.28, quayio
Severity: Important

While checking images like [0], Clair seems to accurately detect the correct `golang.org/x/net` v0.1.0 version, but inaccurately reports it as not vulnerable:

• CVE-2023-44487 is one of the CVEs that impacts the above-mentioned v0.1.0, as well as every other `golang.org/x/net` version <= 0.17.0
• NOTE:
  • Mind that ownership belongs to the Managed OpenShift SRE team
  • Also, marking this bug with Important severity, in line with the CVE rating

[0] https://quay.io/repository/app-sre/splunk-audit-exporter/manifest/sha256:6de8c1a27cecdafdc51c83e74bb960dc1f6564e76603e68338f05501d119b53b?tab=packages
[1] https://github.com/advisories/GHSA-qppj-fm5r-hxr3
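The version-range check this report is about, written as an added example (not Clair's or claircore's code): the inclusive upper bound `<= 0.17.0` the reporter states for GHSA-qppj-fm5r-hxr3 is hard-coded as the assumed constant `lastAffected`, and the assumed `IsAffected` evaluates detected golang.org/x/net versions against it by numeric, component-wise comparison; `main` prints the lexical string comparison alongside to show why that is not a substitute.

```go
package main

import (
	"fmt"
	"strings"
)

// lastAffected is the inclusive upper bound the issue states for
// GHSA-qppj-fm5r-hxr3: every golang.org/x/net release <= 0.17.0 is affected.
var lastAffected = [3]int{0, 17, 0}

// parseGoVersion turns "v0.1.0", or a pseudo-version such as
// "v0.0.0-20220722155237-a158d28d115b", into major, minor and patch. The
// suffix is dropped, so a prerelease of X is treated as X (conservative).
func parseGoVersion(v string) ([3]int, error) {
	var out [3]int
	core := strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(core, "-+"); i >= 0 {
		core = core[:i]
	}
	// The Sprintf round trip rejects signs, leading zeros and trailing junk.
	if _, err := fmt.Sscanf(core, "%d.%d.%d", &out[0], &out[1], &out[2]); err != nil ||
		fmt.Sprintf("%d.%d.%d", out[0], out[1], out[2]) != core {
		return [3]int{}, fmt.Errorf("malformed Go module version %q", v)
	}
	return out, nil
}

// IsAffected reports whether pkgVersion <= bound, comparing numerically
// component by component; equality is inside the range.
func IsAffected(bound [3]int, pkgVersion string) (bool, error) {
	got, err := parseGoVersion(pkgVersion)
	if err != nil {
		return false, err
	}
	for i := range got {
		if got[i] != bound[i] {
			return got[i] < bound[i], nil
		}
	}
	return true, nil
}

func main() {
	for _, v := range []string{"v0.1.0", "v0.9.0", "v0.17.0", "v0.18.0"} {
		ok, _ := IsAffected(lastAffected, v)
		// Lexical comparison is the classic pitfall: it sorts "v0.9.0" after "v0.17.0".
		lexical := strings.Compare(v, "v0.17.0") <= 0
		fmt.Printf("golang.org/x/net@%s affected=%v lexical=%v\n", v, ok, lexical)
	}
}
```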

Assignee: Unassigned
Reporter: Robert Sandu (rhn-support-rsandu)