.Net core 1.0, 2.0 redirect vulnerability #22704
Unanswered
jayeshchedambath
asked this question in
General
Replies: 1 comment 2 replies
-
|
Tagging @blowdart |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
I cannot answer that, it would depend on how functions uses asp.net core and what they expose. |
Beta Was this translation helpful? Give feedback.
-
|
my run time is 3 and , per the above advisory the vulnerable versions are 1.0.x and 2.0.x, but my SDK is 1.0.x, i don't use any http redirect which is said to have vulnerability |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is the below issue applicable for azure functions run time 3.x? we use azure functions SDK version 1.0.31
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8292.
From the git hub page of the issue is I see below.It is not mentioned about Azure functions SDK.
System administrators running .NET Core 1.0 or .NET Core 1.1 applications must update their .NET Core runtimes to versions 1.0.13 and 1.1.10 then restart their applications. If installed applications target .NET Core 2.0, the applications must be migrated to 2.1 or newer and redeployed.
Developers must update their .NET Core SDK to versions 1.1.11 and migrate any .NET Core 2.0 or ASP.NET Core 2.0 applications to 2.1 then redeploy.
Beta Was this translation helpful? Give feedback.
All reactions