Vulnerability CVE-2024-24790 - Githubissues

Azure / azure-functions-docker

This repo contains the base Docker images for working with azure functions

MIT License

269 stars 118 forks source link

Vulnerability CVE-2024-24790 #1183

Open selghonimi opened 4 days ago

selghonimi commented 4 days ago

Image

mcr.microsoft.com/azure-functions/python:4-python3.12

Description

Trivy scans are failing for the following CVEs:

CVE-2024-24790: golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
CVE-2023-45288: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

Package Name

stdlib

Current Installed Version

v1.20.14

Fixed Versions

v1.21.9 and v1.22.2