Component Governance detected 1 security related alerts at or above "High" severity #4471

Closed
dotnet/runtime
#103639
@Winniexu01

Synchronization build in VMR main: https://dev.azure.com/dnceng/internal/_build/results?buildId=2477137&view=logs&j=f94b1352-8074-534d-f024-dae8a910f9a5&t=45076ec1-5101-5328-cb42-66bd28c759bf

1 security alert at or above "High" severity:

_________________________________________________________________________________________________________________________________________________
|Security Alerts                                                                                                                                |
|_______________________________________________________________________________________________________________________________________________|
|Alert title                             |Affected component                      |Severity                      |Due date                      |
|________________________________________|________________________________________|______________________________|______________________________|
|CVE-2024-37890                          |ws 8.4.0                                |High                          |2024-09-16T07:54:15.9792710Z  |
|________________________________________|________________________________________|______________________________|______________________________|

##[warning]Component Governance detected 1 security related alerts at or above "High" severity. Microsoft's Open Source policy requires that all high and critical security vulnerabilities found by this task be addressed by upgrading vulnerable components. Vulnerabilities in indirect dependencies should be addressed by upgrading the root dependency.
To change the severity threshold or build result, either dismiss the alerts in Component Governance or update the settings of this build task.
Please see our support page at https://aka.ms/cg-support to get help with questions related to Component Governance.
##[warning]Component Governance detected 1 security alert(s) at or above "High" severity that need to be resolved. On their due date these alerts will break the build.
Took 1.446064 seconds to query alerts.
Component Governance Alerts:            https://dev.azure.com/dnceng/7ea9116e-9fac-403d-b258-b31fcf1bb293/_componentGovernance/102295?_a=alerts&typeId=21581780
Component Governance Detection History: https://dev.azure.com/dnceng/7ea9116e-9fac-403d-b258-b31fcf1bb293/_componentGovernance/102295?_a=history&typeId=21581780

Labels: area-upstream-fix (Needs a change in a contributing repo), ops-monitor (Issues created/handled by the source build monitor role)