Note this is only an issue for docker images using non default tools. Not good but not unique, for instance here is another high scored CVE for PAM issues in Ubuntu/Debian https://www.cvedetails.com/cve/CVE-2009-3232/

I challenge you to find any decade+ old OS software community you couldn't make the same comment towards.