Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,292 questions
Azure.Identity vulnerability in a .net project.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 7.000000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPW%3C/text%3E%3C/svg%3E)
Phillip Williams
10
Reputation points
If I create a simple class project using VS2022 whose project definition is this:``
Then I check for vulnerabilities
dotnet list package --vulnerable --include-transitive
I get this output
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> Azure.Identity 1.10.3 Moderate https://github.com/advisories/GHSA-wvxc-855f-jvrv
This issue is causing a problem in the build pipeline which checks for vulnerabilities. It seems that this advisory came out 3 days ago. I downloaded the SDK 8.0.204 and tried running the pipeline using SDK 8.0.204 but the message still occurs.
How to solve this issue?
Azure Functions
.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,391 questions
{count} vote
-
Phillip Williams 10 Reputation points
2024-04-12T22:10:37.11+00:00 I managed to work around this problem by adding this line to the project definition file
<PackageReference Include="Azure.Identity" Version="1.11.0" />
Sign in to comment