We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A Trivy scan of the 8.0.300 SDK Docker image shows the following result:
mcr.microsoft.com/dotnet/sdk:8.0 (debian 12.5) ============================================== Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) usr/share/dotnet/sdk/8.0.300/DotnetTools/dotnet-watch/8.0.300-rtm.24224.16/tools/net8.0/any/BuildHost-netcore/Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.deps.json (dotnet-core) ========================================================================================================================================================================================= Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0) ┌───────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├───────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────┤ │ System.Security.Cryptography.Pkcs │ CVE-2023-29331 │ HIGH │ fixed │ 7.0.0 │ 7.0.2, 6.0.3 │ dotnet: .NET Kestrel: Denial of Service processing X509 │ │ │ │ │ │ │ │ Certificates │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-29331 │ └───────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────┘
>docker run aquasec/trivy i mcr.microsoft.com/dotnet/sdk:8.0 --ignore-unfixed
The text was updated successfully, but these errors were encountered:
dotnet/roslyn#73515 should fix this once it flows to the SDK.
Sorry, something went wrong.
No branches or pull requests
Describe the bug
A Trivy scan of the 8.0.300 SDK Docker image shows the following result:
To Reproduce
>docker run aquasec/trivy i mcr.microsoft.com/dotnet/sdk:8.0 --ignore-unfixed
The text was updated successfully, but these errors were encountered: