We're running a dotnetcore web application on a Debian 11.7-slim image in AWS ECS+Fargate. Snyk Container is reporting that curl 7.74 is present on the image and suffers from "CVE-2023-23914 - cleartext transmission of sensitive information".
We have run apt update/upgrade in the image, and I can only assume that due to package constraints, curl cannot be updated to 8.x.
Our process does not use curl. Is this mitigation against the reported vulnerability - especially from PCI-DSS point of view?