The Alpine project is very responsive to vulnerability reports and has been releasing patched versions of BusyBox that address critical vulnerabilities. CVE-2022-28391 was reported over 4 months ago and is still unpatched in BusyBox 1.34.x and 1.35.0 releases. Meanwhile, Alpine patched their BusyBox build almost as soon as the vulnerability was published: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661

This image doesn't have to use Alpine in general but it should consider using the Alpine build of the BusyBox executable for greater security.