Comments (85)
One or more dependencies were identified with known vulnerabilities in agent: azure-identity-1.10.3.jar (pkg:maven/com.azure/[email protected], cpe:2.3:a:microsoft:azure_identity_sdk:1.10.3:*:*:*:*:*:*:*, cpe:2.3:a:microsoft:azure_sdk_for_java:1.10.3:*:*:*:*:*:*:*) : CVE-2023-36415
This is a false positive.
According to both
- https://nvd.nist.gov/vuln/detail/CVE-2023-36415
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415
this CVE is fixed in 1.10.3.
Tooling may just be lagging since this was very recently reported/updated.
from applicationinsights-java.
See OWASP dependency check (daily) #377.
from applicationinsights-java.
let's see if #3350 resolves
from applicationinsights-java.
See OWASP dependency check (daily) #378.
from applicationinsights-java.
See OWASP dependency check (daily) #379.
from applicationinsights-java.
See OWASP dependency check (daily) #380.
from applicationinsights-java.
See OWASP dependency check (daily) #381.
from applicationinsights-java.
See OWASP dependency check (daily) #382.
from applicationinsights-java.
See OWASP dependency check (daily) #383.
from applicationinsights-java.
See OWASP dependency check (daily) #384.
from applicationinsights-java.
See OWASP dependency check (daily) #385.
from applicationinsights-java.
See OWASP dependency check (daily) #386.
from applicationinsights-java.
See OWASP dependency check (daily) #387.
from applicationinsights-java.
See OWASP dependency check (daily) #388.
from applicationinsights-java.
See OWASP dependency check (daily) #389.
from applicationinsights-java.
See OWASP dependency check (daily) #390.
from applicationinsights-java.
See OWASP dependency check (daily) #391.
from applicationinsights-java.
See OWASP dependency check (daily) #392.
from applicationinsights-java.
See OWASP dependency check (daily) #393.
from applicationinsights-java.
See OWASP dependency check (daily) #394.
from applicationinsights-java.
See OWASP dependency check (daily) #395.
from applicationinsights-java.
See OWASP dependency check (daily) #396.
from applicationinsights-java.
See OWASP dependency check (daily) #397.
from applicationinsights-java.
See OWASP dependency check (daily) #398.
from applicationinsights-java.
See OWASP dependency check (daily) #399.
from applicationinsights-java.
See OWASP dependency check (daily) #400.
from applicationinsights-java.
See OWASP dependency check (daily) #401.
from applicationinsights-java.
See OWASP dependency check (daily) #402.
from applicationinsights-java.
See OWASP dependency check (daily) #403.
from applicationinsights-java.
See OWASP dependency check (daily) #404.
from applicationinsights-java.
See OWASP dependency check (daily) #405.
from applicationinsights-java.
See OWASP dependency check (daily) #406.
from applicationinsights-java.
See OWASP dependency check (daily) #407.
from applicationinsights-java.
See OWASP dependency check (daily) #408.
from applicationinsights-java.
See OWASP dependency check (daily) #409.
from applicationinsights-java.
See OWASP dependency check (daily) #410.
from applicationinsights-java.
See OWASP dependency check (daily) #411.
from applicationinsights-java.
See OWASP dependency check (daily) #412.
from applicationinsights-java.
See OWASP dependency check (daily) #413.
from applicationinsights-java.
See OWASP dependency check (daily) #414.
from applicationinsights-java.
See OWASP dependency check (daily) #415.
from applicationinsights-java.
See OWASP dependency check (daily) #416.
from applicationinsights-java.
See OWASP dependency check (daily) #417.
from applicationinsights-java.
See OWASP dependency check (daily) #418.
from applicationinsights-java.
See OWASP dependency check (daily) #419.
from applicationinsights-java.
See OWASP dependency check (daily) #420.
from applicationinsights-java.
See OWASP dependency check (daily) #421.
from applicationinsights-java.
See OWASP dependency check (daily) #422.
from applicationinsights-java.
See OWASP dependency check (daily) #423.
from applicationinsights-java.
See OWASP dependency check (daily) #424.
from applicationinsights-java.
See OWASP dependency check (daily) #425.
from applicationinsights-java.
See OWASP dependency check (daily) #426.
from applicationinsights-java.
See OWASP dependency check (daily) #427.
from applicationinsights-java.
See OWASP dependency check (daily) #428.
from applicationinsights-java.
See OWASP dependency check (daily) #429.
from applicationinsights-java.
See OWASP dependency check (daily) #430.
from applicationinsights-java.
See OWASP dependency check (daily) #431.
from applicationinsights-java.
See OWASP dependency check (daily) #432.
from applicationinsights-java.
See OWASP dependency check (daily) #433.
from applicationinsights-java.
See OWASP dependency check (daily) #434.
from applicationinsights-java.
See OWASP dependency check (daily) #435.
from applicationinsights-java.
See OWASP dependency check (daily) #436.
from applicationinsights-java.
See OWASP dependency check (daily) #437.
from applicationinsights-java.
See OWASP dependency check (daily) #438.
from applicationinsights-java.
See OWASP dependency check (daily) #439.
from applicationinsights-java.
See OWASP dependency check (daily) #440.
from applicationinsights-java.
See OWASP dependency check (daily) #441.
from applicationinsights-java.
See OWASP dependency check (daily) #442.
from applicationinsights-java.
See OWASP dependency check (daily) #443.
from applicationinsights-java.
See OWASP dependency check (daily) #444.
from applicationinsights-java.
See OWASP dependency check (daily) #445.
from applicationinsights-java.
See OWASP dependency check (daily) #446.
from applicationinsights-java.
Related Issues (20)
- Missing telemetry for LogBook events HOT 2
- Support for restlet framework HOT 9
- Workflow failed: OWASP dependency check (daily) (#372) HOT 3
- Local agent trying to connect to Azure metadata (regression bug?) HOT 2
- Connection string overrides syntax causes Unrecognized field "connectionStringOverrides" configuration error HOT 2
- Query for next expected version of applicationinsights-agent HOT 2
- Agent doesn't detect `connectionString` with configuration file (applicationinsights.json) in default location (same directory as the agent) HOT 4
- Eventgrid Telemetry Correlation HOT 4
- CVE-2023-44487 HOT 4
- Telemetry filters on span events HOT 21
- Telemetry processors bug HOT 16
- Azure Function hosted on Kubernetes does not work HOT 15
- CVE-2023-6378 HOT 10
- Agent not reporting HTTP operations from spring app HOT 7
- Azure Security reports CVE-2018-1000011 HOT 4
- General Availability target for sampling overrides HOT 5
- in the latest JAR 3.4.18, there are two HIGH Vulnerabilities CVE-2023-6378 with ch.qos.logback:logback-classic and ch.qos.logback:logback-core HOT 2
- Classic SDK TelemetryClient not capturing any data HOT 4
- Add ability to disable reactor instrumentation HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from applicationinsights-java.