Multiple vulnerabilities found (CVE-2023-28319,CVE-2023-29337,CVE-2023-32731,CVE-2023-33141,CVE-2023-33170) in dotnet-function images

Azure / azure-functions-docker

This repo contains the base Docker images for working with azure functions

MIT License

268 stars 118 forks source link

Multiple vulnerabilities found (CVE-2023-28319,CVE-2023-29337,CVE-2023-32731,CVE-2023-33141,CVE-2023-33170) in dotnet-function images #942

Open hemantsathe opened 1 year ago

hemantsathe commented 1 year ago

We are using .Net 6.0 based Azure function Images and we have found multiple vulnerabilities in the base images during our aqua scanner scanning. These have not been addressed for more than a month now and would like an update on when these will be closed.

The ids of the vulnerabilities are CVE-2023-28319, CVE-2023-29337, CVE-2023-32731, CVE-2023-33141. These are all recently found vulnerabilities (Circa 2023).

kollachaitanyakrishna commented 1 year ago

Yes

hemantsathe commented 1 year ago

@VpOfEngineering - We are facing this issue for a long time and our internal security teams are constantly asking up for updates on this. This is really critical for security of our product and request your attention in resolving this.

Ashishpote commented 1 year ago

Even we are facing the same issues. Do we have any ETA on these issues?

RedSandSasori commented 1 year ago

Do we have any update on this or any workaround ? Microsoft Defender for Cloud is reporting these issues and security score dropped.