Open seancostigan opened 2 months ago
Also, identical vulnerability is currently being observed in both:
mcr.microsoft.com/azure-functions/dotnet-isolated:4-nightly-dotnet-isolated6.0 mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated6.0
Hi Team, when will this issue be addressed? We are stuck. Defender is raising this as vulnerability issue.
Description: We are using the Docker image mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0. This image includes System.Formats.Asn1 version 5.0.0, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2024-38095. Please update System.Formats.Asn1 to a version that addresses this vulnerability.
Steps to Reproduce:
Expected Behavior: No critical vulnerabilities should be present.
Actual Behavior: https://nvd.nist.gov/vuln/detail/CVE-2024-38095 is detected due to System.Formats.Asn1 version 5.0.0.