CVE-2024-43485 vulnerability in dotnet-isolated:4-dotnet-isolated8.0 #1178

jxy03 · 2024-10-14T12:25:23Z

Description:
We are using the Docker image mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0. This image includes Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4, which is affected by https://nvd.nist.gov/vuln/detail/CVE-2024-43485. Please update Microsoft.Azure.WebJobs.Script.WebHost.deps.json 8.0.4 to a version that addresses this vulnerability.

Steps to Reproduce:

Use mcr.microsoft.com/azure-functions/dotnet-isolated:4-dotnet-isolated8.0 in a Dockerfile.
Run a vulnerability scan (I'm using Aqua).
Expected Behavior:
No critical vulnerabilities should be present.

Actual Behavior:
https://nvd.nist.gov/vuln/detail/CVE-2024-43485 is detected due to Microsoft.Azure.WebJobs.Script.WebHost.deps.json version 8.0.4.

HansDeMulder-VRB mentioned this issue Dec 9, 2024

337 vulnerabilities in 4-dotnet-isolated8.0 (1 C, 231 H) #1185

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2024-43485 vulnerability in dotnet-isolated:4-dotnet-isolated8.0 #1178

CVE-2024-43485 vulnerability in dotnet-isolated:4-dotnet-isolated8.0 #1178

jxy03 commented Oct 14, 2024

CVE-2024-43485 vulnerability in dotnet-isolated:4-dotnet-isolated8.0 #1178

CVE-2024-43485 vulnerability in dotnet-isolated:4-dotnet-isolated8.0 #1178

Comments

jxy03 commented Oct 14, 2024