Healthcheck package vulnerability

Question

1.00/5 (2 votes)

See more:

Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 violates policy High-Level Vulnerability:

The package Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 is flagged as violating a policy for a high-level vulnerability. What should I do in this situation?

What I have tried:

used the previous version of dll but couldn't solve the issue

Posted 8-Aug-23 0:51am

Vert12

Updated 8-Aug-23 2:27am

Add a Solution

Comments

Member 15627495 8-Aug-23 7:20am

start visual studio 'as administrator'.

you have to right-click on launcher, and choose "run as admin..."

2 solutions

Solution 1

Quote:
The package Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 is flagged as violating a policy for a high-level vulnerability. What should I do in this situation?

Probably what I would do: don't use it, just contact Microsoft and report the problem. It may be that the NuGet package is corrupted, or it's a false positive from whatever detected it (at a guess Visual Studio). Either way, it's an MS problem and only they can fix it.

Posted 8-Aug-23 1:26am

OriginalGriff

Comments

Richard Deeming 8-Aug-23 8:27am

It's not a false-positive - 7.0.4 is five versions out of date, and is affected by several serious security vulnerabilities. :)

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard Deeming · Accepted Answer · 2023-08-08T02:27:00

Your application is built using ASP.NET 7.0.4, which has numerous high priority security vulnerabilities:

CVE-2023-28260 - fixed in 7.0.5[^]
CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29331, CVE-2023-29337, CVE-2023-32032, CVE-2023-33126, CVE-2023-33128, CVE-2023-33135 - fixed in 7.0.7[^]
CVE-2023-33127, CVE-2023-33170 - fixed in 7.0.9[^]

You need to update to 7.0.9, which is the current version.

You should also keep an eye on the .NET Blog[^] to see what security updates are released each month, and update your application(s) as appropriate.

Edit: And today, it moves to 7.0.10[^]:
.NET August 2023 Updates – .NET 7.0.10, .NET 6.0.21 - .NET Blog[^]
Fixing CVE-2023-38178, CVE-2023-35390, CVE-2023-38180, and CVE-2023-35391.