Description:
We are using the Docker image mcr.microsoft.com/azure-functions/python:4-python3.9-slim. This image includes azure-functions-host/workers/python/3.9/LINUX/X64/setuptools-69.5.1.dist-info/METADATA, which is affected by https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345. Please update setuptools to version 70 above that addresses this vulnerability.
Steps to Reproduce:
Use mcr.microsoft.com/azure-functions/python:4-python3.9-slim in a Dockerfile.
Run a vulnerability scan (I'm using Aqua).
Expected Behavior:
No critical vulnerabilities should be present.
Description: We are using the Docker image mcr.microsoft.com/azure-functions/python:4-python3.9-slim. This image includes azure-functions-host/workers/python/3.9/LINUX/X64/setuptools-69.5.1.dist-info/METADATA, which is affected by https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6345. Please update setuptools to version 70 above that addresses this vulnerability.
Steps to Reproduce: Use mcr.microsoft.com/azure-functions/python:4-python3.9-slim in a Dockerfile. Run a vulnerability scan (I'm using Aqua). Expected Behavior: No critical vulnerabilities should be present.
Actual Behavior: https://github.com/advisories/GHSA-cx63-2mw6-8hw5 is detected due to setuptools version 69.5.1.