Azure / azure-functions-vs-build-sdk

MSBuild task for Azure Functions
MIT License

Security Vulnerabilities in Microsoft.NET.SDK.Functions 3.0.11 #521

Open ginoey opened 3 years ago

ginoey commented 3 years ago

Hello, I am using Microsoft.NET.SDK.Functions 3.0.11 for my Azure Function App. I am getting vulnerabilities in two of the subcomponents which are referenced by Microsoft.NET.SDK.Functions 3.0.11 during JFrog X-Ray scanning.

  1. System.Net.Sockets:4.3.0 - A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. Severity: High
  2. System.Security.Cryptography.X509Certificates:4.3.2 - .NET Core and Visual Studio Denial of Service Vulnerability. Severity: Medium

I tried to downgrade System.Net.Sockets to the lower version 4.1.0, which doesn't have any security vulnerability, and was unable to proceed because this version is not supported by Microsoft.NET.SDK.Functions 3.0.11.

Could you please let me know how I can resolve this, or whether there is any plan for a future release to fix this issue?

Thanks, Gino Varghese

ginoey commented 3 years ago

Hello, do you have any updates on the issue that I reported earlier? Regards, Gino Varghese