azure-functions-openapi-extension

Multiple transitive security vulnerabilities

Open bteamsoftware opened this issue 2 years ago • 0 comments

Describe the issue

One project I am working on for a client has recently undergone penetration testing. One result of this pen testing revealed several microservices have security vulnerabilities due to transitive NuGet packages. This is easy to verify using a simple CLI command.

To Reproduce

Steps to reproduce the behavior:

  1. Check out the source from the repo.
  2. Build the solution.
  3. Execute the following command line from the local directory:
     dotnet list package --vulnerable --include-transitive --source https://api.nuget.org/v3/index.json
  4. The dotnet CLI will output a lengthy list of transitive NuGet packages that have security vulnerabilities.

Expected behavior

The result of the dotnet CLI command should result in zero security vulnerabilities.

Screenshots Screenshot 2023-02-07 134932

bteamsoftware, Feb 07 '23 19:02
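The check in the reproduction steps can be turned into a build gate. The script below is an added example, not part of the original issue or the project's code: `count_vulnerable`, `sample_report` and `gate` are hypothetical names, the sample report is constructed, and the parser assumes each vulnerable package is printed as a row starting with `>` whose last two columns are Severity and Advisory URL.

```shell
#!/bin/sh
# Added example: gate a build on the text report of
# `dotnet list package --vulnerable --include-transitive`.
# Assumption: each vulnerable package is a row starting with ">" whose last
# two columns are Severity and Advisory URL.

# Read a report on stdin; print how many rows are at or above a severity.
count_vulnerable() {
    awk -v min="${1:-Low}" '
        BEGIN { rank["Low"]=1; rank["Moderate"]=2; rank["High"]=3; rank["Critical"]=4 }
        $1 == ">" && NF >= 4 {
            sev = $(NF-1)   # top-level rows have an extra Requested column
            if ((sev in rank) && rank[sev] >= rank[min]) n++
        }
        END { print n + 0 }'
}

# Constructed sample report: package names and advisory URLs are placeholders.
sample_report() {
    cat <<'EOF'
Project `Example.Functions` has the following vulnerable packages
   [net6.0]:
   Top-level Package      Requested   Resolved   Severity   Advisory URL
   > Example.Direct       1.0.0       1.0.0      Moderate   https://example.invalid/advisory-1
   Transitive Package     Resolved   Severity   Advisory URL
   > Example.TransitiveA  4.3.0      High       https://example.invalid/advisory-2
   > Example.TransitiveB  4.3.0      Critical   https://example.invalid/advisory-3
The given project `Example.Clean` has no vulnerable packages given the current sources.
EOF
}

# Run the scan from the issue; fail on findings and on a scan that did not run,
# so a restore or network error cannot pass as "zero vulnerabilities".
gate() {
    report=$(dotnet list package --vulnerable --include-transitive \
        --source https://api.nuget.org/v3/index.json) || {
        echo "scan failed; treating as not verified" >&2; return 2; }
    found=$(printf '%s\n' "$report" | count_vulnerable "${1:-High}")
    echo "vulnerable packages at or above ${1:-High}: $found"
    [ "$found" -eq 0 ]
}

# Usage: ./vuln-gate.sh --gate [Low|Moderate|High|Critical]
if [ "${1:-}" = "--gate" ]; then gate "${2:-High}"; fi
```

The gate decides on the parsed row count rather than on the CLI's exit status for findings, and returns a distinct code when the scan itself fails.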