You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are using the Microsoft-provided Docker image called mcr.microsoft.com/dotnet/aspnet:8.0 in production. This is the current LTS image for the ASP.NET Core Runtime for .net 8.
Unfortunately, this image contains the following two vulnerabilities:
gnutls28, (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust)
tar (GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.)
systemd(A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.)
The vulnerabilities were found by the Prisma Cloud .
Would you be able to provide an update to this Docker image?
We rely on this image in production and need it urgently.
Please let me know if I can be of any assistance in resolving this issue.
The text was updated successfully, but these errors were encountered:
We are using the Microsoft-provided Docker image called mcr.microsoft.com/dotnet/aspnet:8.0 in production. This is the current LTS image for the ASP.NET Core Runtime for .net 8.
Unfortunately, this image contains the following two vulnerabilities:
gnutls28, (A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust)
tar (GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.)
systemd(A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.)
The vulnerabilities were found by the Prisma Cloud .
Would you be able to provide an update to this Docker image?
We rely on this image in production and need it urgently.
Please let me know if I can be of any assistance in resolving this issue.
The text was updated successfully, but these errors were encountered: