Hello @joewragg, I built your image and found that it contains
root@56ed28c2105b:/# cat opt/microsoft/powershell/7/Modules/PSReadLine/_manifest/spdx_2.2/manifest.spdx.json | grep '"name": "System.Formats.Asn1"' -A 7
"name": "System.Formats.Asn1",
"SPDXID": "SPDXRef-Package-D60BE9A079A339572CC368D77C4FE3CD4860E5B2846B9831B99485A3ABD77F4B",
"downloadLocation": "NOASSERTION",
"filesAnalyzed": false,
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"versionInfo": "6.0.0",
Regards,
Dmitriy
I tried to understand the source of the problem:
/ # exiftool -AssemblyVersion -ProductVersion /opt/microsoft/powershell/7-preview/System.Formats.Asn1.dll
/ # exiftool -AssemblyVersion -ProductVersion /opt/microsoft/powershell/7-preview/ref/System.Formats.Asn1.dll
But /opt/microsoft/powershell/7-preview/Modules/PSReadLine/_manifest/spdx_2.2/manifest.spdx.json still references version 6.0.0.
It seems that the PSReadLine module is installed during build.
Another solution is to update the dependency in https://github.com/PowerShell/PSReadLine, but until now I was not able to find out how.
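The manifest lookup done by hand in the two comments above, as an added example (not code from Trivy, PowerShell or the thread participants): it walks an unpacked image filesystem for SPDX 2.2 JSON manifests and reports every `System.Formats.Asn1` entry together with the file that declares it, so a finding can be traced to the manifest it comes from. The `FIXED` table copies the fixed versions from the scan output quoted in this thread; the sample tree, its `opt/ps` paths and the function names are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Fixed versions per major line, copied from the scan output in this thread.
FIXED = {6: (6, 0, 1), 8: (8, 0, 1)}

def parse_version(text):
    """'6.0.0' -> (6, 0, 0); pre-release/build suffixes are ignored, junk -> None."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    try:
        return tuple(int(part) for part in core.split("."))
    except ValueError:
        return None

def spdx_findings(root, package="System.Formats.Asn1"):
    """Return [(relative manifest path, versionInfo, below_fix)] for `package`.

    below_fix is True/False when the major line has a known fix, else None.
    """
    root = Path(root)
    found = []
    for manifest in sorted(root.rglob("*.spdx.json")):
        try:
            doc = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip, do not abort the scan
        if not isinstance(doc, dict):
            continue
        for pkg in doc.get("packages", []):
            if pkg.get("name") != package:
                continue
            raw = pkg.get("versionInfo", "")
            ver = parse_version(raw)
            fix = FIXED.get(ver[0]) if ver else None
            found.append((manifest.relative_to(root).as_posix(), raw,
                          ver < fix if fix else None))
    return found

def build_sample_tree(root):
    """Constructed sample: one module manifest at 6.0.0, one manifest at 8.0.1."""
    samples = {
        "opt/ps/Modules/PSReadLine/_manifest/spdx_2.2/manifest.spdx.json": "6.0.0",
        "opt/ps/_manifest/spdx_2.2/manifest.spdx.json": "8.0.1",
    }
    for rel, version in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps({"spdxVersion": "SPDX-2.2", "packages": [
            {"name": "System.Formats.Asn1", "versionInfo": version}]}))
```

Pointing `spdx_findings` at the root of an exported container filesystem lists each manifest that declares the package, which can then be compared with the version reported for the DLL itself.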
IDs
CVE-2024-38095
Description
(nuget)
Total: 1 (HIGH: 1, CRITICAL: 0)
┌─────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │
├─────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ System.Formats.Asn1 │ CVE-2024-38095 │ HIGH │ fixed │ 6.0.0 │ 6.0.1, 8.0.1 │ dotnet: DoS when parsing X.509 Content and ObjectIdentifiers │
│ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-38095 │
└─────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
I think this is detecting nuget powershell but I am using powershell 7.4.5
According to this: PowerShell/Announcements#64 it was fixed in powershell 7.4.4
Reproduction Steps
Version
Checklist
-f json
that shows data sources and confirmed that the security advisory in data sources was correct