Vulnerabilities in aws-sdk-go dependency

Hi! I have recently pulled the official Promtail docker image and analysed it with Trivy (a security and vulnerability scanner). The result shows several vulnerabilities:

$ trivy image --vuln-type library grafana/promtail:main-a7976b5
2023-05-30T07:23:02.589Z	INFO	Vulnerability scanning is enabled
2023-05-30T07:23:02.589Z	INFO	Secret scanning is enabled
2023-05-30T07:23:02.589Z	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-05-30T07:23:02.589Z	INFO	Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
2023-05-30T07:23:03.404Z	INFO	Number of language-specific files: 1
2023-05-30T07:23:03.404Z	INFO	Detecting gobinary vulnerabilities...

usr/bin/loki (gobinary)

Total: 2 (UNKNOWN: 0, LOW: 1, MEDIUM: 1, HIGH: 0, CRITICAL: 0)

┌───────────────────────────┬───────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│          Library          │ Vulnerability │ Severity │ Installed Version │ Fixed Version │                           Title                            │
├───────────────────────────┼───────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ github.com/aws/aws-sdk-go │ CVE-2020-8911 │ MEDIUM   │ v1.44.217         │               │ aws/aws-sdk-go: CBC padding oracle issue in AWS S3 Crypto  │
│                           │               │          │                   │               │ SDK for golang...                                          │
│                           │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-8911                  │
│                           ├───────────────┼──────────┤                   ├───────────────┼────────────────────────────────────────────────────────────┤
│                           │ CVE-2020-8912 │ LOW      │                   │               │ aws-sdk-go: In-band key negotiation issue in AWS S3 Crypto │
│                           │               │          │                   │               │ SDK for golang...                                          │
│                           │               │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-8912                  │
└───────────────────────────┴───────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

Do you have any information/statement about these CVEs related to your product? Is your software actually affected by them?

Thanks in advance!