Description:
We are using the Docker image mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0. This image includes Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2024-43485. Please update Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4 to a version that addresses this vulnerability.
Steps to Reproduce:
Use mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0 in a Dockerfile.
Run a vulnerability scan (I'm using Aqua).
Expected Behavior:
No critical vulnerabilities should be present.
Description: We are using the Docker image mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0. This image includes Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2024-43485. Please update Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4 to a version that addresses this vulnerability.
Steps to Reproduce:
Use mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0 in a Dockerfile. Run a vulnerability scan (I'm using Aqua). Expected Behavior: No critical vulnerabilities should be present.
Actual Behavior: https://nvd.nist.gov/vuln/detail/CVE-2024-43485 is detected due to Microsoft.Azure.WebJobs.Script.WebHost.deps.json version 8.0.4.