Azure / azure-functions-vs-build-sdk

MSBuild task for Azure Functions
MIT License

Microsoft.NET.Sdk.Functions includes known vulnerability CVE-2019-0820: "Uncontrolled Resource Consumption" #640

Open SamHard opened 1 month ago

SamHard commented 1 month ago

According to Mend's SCA tool, the latest version of package Microsoft.NET.Sdk.Functions (4.4.0) includes a security vulnerability known as CVE-2019-0820, which is linked to upstream dependency System.Text.RegularExpressions 4.3.0. The issue was resolved in version 4.3.1.

The complete dependency tree is as follows:

microsoft.net.sdk.functions.4.4.0.nupkg
↓
microsoft.azure.webjobs.extensions.http.3.2.0.nupkg
↓
microsoft.aspnet.webapi.client.5.2.8.nupkg
↓
newtonsoft.json.bson.1.0.1.nupkg
↓
netstandard.library.1.6.1.nupkg
↓
system.xml.xdocument.4.3.0.nupkg
↓
system.xml.readerwriter.4.3.0.nupkg
↓
system.text.regularexpressions.4.3.0.nupkg
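
To confirm a chain like this in your own build, the added example below (not part of the original issue and not code from the Azure Functions project) walks the `targets` section of NuGet's `obj/project.assets.json` and reports the dependency path to any resolved `System.Text.RegularExpressions` older than 4.3.1. The sample data is constructed from the tree above, `net6.0` is an assumed target framework, and treating packages that nothing else depends on as roots is a simplifying assumption.

```python
from collections import deque

# Constructed sample shaped like the "targets" section of obj/project.assets.json,
# filled with the chain from the issue; "net6.0" is an assumed target framework.
# For a real project, load the file instead: json.load(open("obj/project.assets.json"))
SAMPLE_ASSETS = {"targets": {"net6.0": {
    "Microsoft.NET.Sdk.Functions/4.4.0": {"dependencies": {"Microsoft.Azure.WebJobs.Extensions.Http": "3.2.0"}},
    "Microsoft.Azure.WebJobs.Extensions.Http/3.2.0": {"dependencies": {"Microsoft.AspNet.WebApi.Client": "5.2.8"}},
    "Microsoft.AspNet.WebApi.Client/5.2.8": {"dependencies": {"Newtonsoft.Json.Bson": "1.0.1"}},
    "Newtonsoft.Json.Bson/1.0.1": {"dependencies": {"NETStandard.Library": "1.6.1"}},
    "NETStandard.Library/1.6.1": {"dependencies": {"System.Xml.XDocument": "4.3.0"}},
    "System.Xml.XDocument/4.3.0": {"dependencies": {"System.Xml.ReaderWriter": "4.3.0"}},
    "System.Xml.ReaderWriter/4.3.0": {"dependencies": {"System.Text.RegularExpressions": "4.3.0"}},
    "System.Text.RegularExpressions/4.3.0": {},
}}}

def version_tuple(version):
    # Compare the numeric part only; a prerelease suffix such as "-beta" is ignored.
    return tuple(int(part) for part in version.split("-")[0].split("."))

def find_paths(assets, package, fixed_version):
    """Return one shortest path per root to `package` resolved below `fixed_version`."""
    paths = []
    for libs in assets["targets"].values():
        # Keys are "Name/ResolvedVersion"; dependency entries carry only a name and a range.
        resolved = {key.split("/")[0].lower(): key for key in libs}
        depended_on = {dep.lower() for lib in libs.values()
                       for dep in lib.get("dependencies", {})}
        for name, root in resolved.items():
            if name in depended_on:
                continue  # not a root: something else pulls it in
            queue, seen = deque([[root]]), {root}
            while queue:
                trail = queue.popleft()
                pkg, version = trail[-1].split("/")
                if pkg.lower() == package.lower():
                    if version_tuple(version) < version_tuple(fixed_version):
                        paths.append(trail)
                    continue
                for dep in libs[trail[-1]].get("dependencies", {}):
                    child = resolved.get(dep.lower())
                    if child and child not in seen:
                        seen.add(child)
                        queue.append(trail + [child])
    return paths

if __name__ == "__main__":
    for path in find_paths(SAMPLE_ASSETS, "System.Text.RegularExpressions", "4.3.1"):
        print(" -> ".join(path))
```

An empty result after adding a direct `PackageReference` to `System.Text.RegularExpressions` 4.3.1 and restoring shows that the resolved version has moved to the fixed release.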