System.Text.Encodings.Web 4.5.0. Vulnerability #25616

Closed

Description

Library name and version

System.Text.Encodings.Web 4.5.0

Describe the bug

Microsoft NuGet packages (including the framework) have a reference to System.Text.Encodings.Web 4.5.0 or 5.0.0, which has vulnerabilities, as a placeholder, which gets marked as vulnerable in the JFrog scan.

Expected behavior

Microsoft NuGet packages (including the framework) should not reference vulnerable versions as the placeholder for the JFrog scan, so that the package is not marked as vulnerable. We are using the library as part of Microsoft.ApplicationInsights.AspNetCore.

Actual behavior

The Glapi pipeline process fails and blocks the deployment due to the vulnerability.

Reproduction Steps

Create any new VS project including those packages and scan it through JFrog.

Environment

All Environments.

Labels

customer-reported: Issues that are reported by GitHub users external to the Azure organization.
needs-triage: Workflow: This is a new issue that needs to be triaged to the appropriate team.
question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that
