[BUG] Rest.ClientRuntime.Azure.Authentication references deprecated lib with vulnerability: IdentityModel.Clients.ActiveDirectory
Library name and version
Microsoft.Rest.ClientRuntime.Azure.Authentication 2.4.1
Describe the bug
Hi!
Microsoft.Rest.ClientRuntime.Azure.Authentication 2.4.1 (latest) references Microsoft.IdentityModel.Clients.ActiveDirectory 4.3.0, which references System.Runtime.Serialization.Json 4.3.0, which references System.Private.DataContractSerialization 4.3.0, which is reported to have vulnerability CVE-2023-21538 (reported by Dependency Track).
All packages are at their latest version except Microsoft.IdentityModel.Clients.ActiveDirectory, but the latest version also references libs of version 4.3.0.
Is there an update coming?
Is there something I can do to remedy? Is there an alternative package to use?
We’re consuming ClientCredential and ApplicationTokenProvider in a .NET 7 function app running on Azure.
Thank you!
Expected behavior
No reported vulnerabilities
Actual behavior
Reported vulnerability on System.Private.DataContractSerialization by Dependency Track
Reproduction Steps
Environment
.NET 7 running on Azure function apps
Issue Analytics
- State:
- Created 6 months ago
- Comments:6 (3 by maintainers)
Top GitHub Comments
@andyhammar: Thank you for the clarification and apologies for the misunderstanding. I’ve looped in @ArthurMa1978, who would be best able to assist.
Hey @andyhammar, the Rest.ClientRuntime.Azure.Authentication lib will also be deprecated soon.
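The transitive chain described in the issue can be confirmed from a restored project by walking the `targets` section of `obj/project.assets.json`. The following is an added example, not code from the issue or from the Azure SDK: the sample data is constructed from the package names and versions in the report, and the `net7.0` target name and the `dependency_paths` helper are assumptions.

```python
import json

# Constructed sample shaped like the "targets" section of obj/project.assets.json.
# Package ids and versions follow the chain in the issue; "net7.0" is assumed.
SAMPLE_ASSETS = json.loads("""
{"targets": {"net7.0": {
  "Microsoft.Rest.ClientRuntime.Azure.Authentication/2.4.1": {
    "type": "package",
    "dependencies": {"Microsoft.IdentityModel.Clients.ActiveDirectory": "4.3.0"}},
  "Microsoft.IdentityModel.Clients.ActiveDirectory/4.3.0": {
    "type": "package",
    "dependencies": {"System.Runtime.Serialization.Json": "4.3.0"}},
  "System.Runtime.Serialization.Json/4.3.0": {
    "type": "package",
    "dependencies": {"System.Private.DataContractSerialization": "4.3.0"}},
  "System.Private.DataContractSerialization/4.3.0": {"type": "package"}
}}}
""")


def dependency_paths(assets, target_package, framework="net7.0"):
    """Return every chain of resolved 'Id/Version' keys ending at target_package."""
    libs = assets["targets"][framework]
    # Lower-cased package id -> (resolved "Id/Version" key, ids it depends on).
    graph = {key.split("/")[0].lower(): (key, list(info.get("dependencies", {})))
             for key, info in libs.items()}
    depended_on = {dep.lower() for _, deps in graph.values() for dep in deps}
    # Packages nothing else depends on approximate the direct references.
    roots = [name for name in graph if name not in depended_on]
    paths = []

    def walk(name, trail):
        entry = graph.get(name.lower())
        if entry is None or entry[0] in trail:  # unresolved id or cycle
            return
        key, deps = entry
        trail = trail + [key]
        if name.lower() == target_package.lower():
            paths.append(trail)
            return
        for dep in deps:
            walk(dep, trail)

    for root in roots:
        walk(root, [])
    return paths


if __name__ == "__main__":
    for path in dependency_paths(SAMPLE_ASSETS, "System.Private.DataContractSerialization"):
        print(" -> ".join(path))
```

Against a real project, load `obj/project.assets.json` with `json.load` after a restore and pass the flagged package id; each returned path names the direct reference that pulls it in.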