-
Notifications
You must be signed in to change notification settings - Fork 113
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2024-0056 vulnerability in dotnet v4 image #1029
Comments
I accidentally thought I saw this fixed in latest, but am still seeing it in 4.28.3 |
I was using the scanner that came with docker desktop, it's using docker Scout, I'm not sure of the version. If I check in azure portal, under Container Registry -> Microsoft Defender for Cloud. One of the scanner that's marked deprecated "[Deprecated] Azure registry container images should have vulnerabilities resolved (powered by Qualys)" would show the same vulnerability. However if I check the scan result under "Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management)" then the same image is reported as healthy (no vulnerability). I'm not sure why its not showing up on the latter one. |
We have similar problem but for CVE-2024-0057 issue. We are using AquaSec scanner, started failing today. We are using mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0 image |
We have a fix coming for CVE-2024-0056 . We normally update the images once a week and I'll check and update this thread. For CVE-2024-0057 let me check into this. |
Hello, the fix for CVE-2024-0057 will roll out in the image for 4.31.1. |
I'm getting security CVE-2024-0056 vulnerability in security scan of the azure function dotnet v4 image. It's due to the image using outdated packages. Would the image be updated soon to use the updated packages?
I think this is similar issue to #1004 (for a different vulnerability)
The text was updated successfully, but these errors were encountered: