Github advanced security for azure devops (GHASDO) alert from WorkerExtensions.csproj #3209
thecheesemp
started this conversation in
Feedback
Replies: 1 comment
-
|
I believe we have a fix - Microsoft.Azure.Functions.Worker.Extensions.DurableTask was out of date. Updating this has fixed the scan. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
We've got a project on azure devops with a dependency on Microsoft.Azure.Functions.Worker. We are using the latest version 2.1.0 but getting the following alert from GHASDO from the generated WorkerExtensions.csproj:
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
Recommendation
Upgrade Microsoft.AspNetCore.Server.Kestrel.Core from 2.2.0 to 2.3.6 to fix the vulnerability.
Location
src/Service.Backend/obj/Release/net8.0/WorkerExtensions/WorkerExtensions.csproj
.....
Any idea of a fix? As its a generated csproj (by a azure pipelines microsoft hosted build agent) not much I can do to resolve.
Thanks
Phil
Beta Was this translation helpful? Give feedback.
All reactions