Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 violates policy High-Level Vulnerability:



The package Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 is flagged as violating a policy for a high-level vulnerability. What should I do in this situation?


What I have tried:

I used the previous version of the DLL but couldn't solve the issue.
Updated 8-Aug-23 2:27am
Comments
Member 15627495 8-Aug-23 7:20am    
Start Visual Studio 'as administrator'.

You have to right-click on the launcher and choose "Run as admin..."

Your application is built using ASP.NET 7.0.4, which has numerous high priority security vulnerabilities:
  • CVE-2023-28260 - fixed in 7.0.5
  • CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29331, CVE-2023-29337, CVE-2023-32032, CVE-2023-33126, CVE-2023-33128, CVE-2023-33135 - fixed in 7.0.7
  • CVE-2023-33127, CVE-2023-33170 - fixed in 7.0.9

You need to update to 7.0.9, which is the current version.

You should also keep an eye on the .NET Blog to see what security updates are released each month, and update your application(s) as appropriate.

Edit: And today, it moves to 7.0.10:
.NET August 2023 Updates – .NET 7.0.10, .NET 6.0.21 - .NET Blog
Fixing CVE-2023-38178, CVE-2023-35390, CVE-2023-38180, and CVE-2023-35391.
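
The version-to-CVE list in the answer above can be turned into a quick check of a project file. This is an added example, not part of the original answer: the tracked package prefixes and the sample .csproj are assumptions constructed for illustration, and only the fix versions and CVE IDs come from the answer.

```python
import re
import xml.etree.ElementTree as ET

# Fix versions and CVE batches exactly as listed in the answer above.
FIXED_IN = {
    (7, 0, 5): ["CVE-2023-28260"],
    (7, 0, 7): ["CVE-2023-24895", "CVE-2023-24897", "CVE-2023-24936",
                "CVE-2023-29331", "CVE-2023-29337", "CVE-2023-32032",
                "CVE-2023-33126", "CVE-2023-33128", "CVE-2023-33135"],
    (7, 0, 9): ["CVE-2023-33127", "CVE-2023-33170"],
    (7, 0, 10): ["CVE-2023-38178", "CVE-2023-35390", "CVE-2023-38180", "CVE-2023-35391"],
}
# Assumption: packages under these prefixes are versioned in step with the 7.0.x release.
TRACKED_PREFIXES = ("Microsoft.AspNetCore.", "Microsoft.Extensions.Diagnostics.HealthChecks")

# Constructed sample project file (SDK-style, so no XML namespace).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk.Web">
  <ItemGroup>
    <PackageReference Include="Microsoft.Extensions.Diagnostics.HealthChecks" Version="7.0.4" />
    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.10" />
    <PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="7.0.*" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer">
      <Version>7.0.8</Version>
    </PackageReference>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>"""

def audit(csproj_xml):
    """Return (package, version, open_cves); open_cves is None when the version is not pinned."""
    findings = []
    for ref in ET.fromstring(csproj_xml).iter("PackageReference"):
        name = ref.get("Include", "")
        if not name.startswith(TRACKED_PREFIXES):
            continue
        raw = (ref.get("Version") or ref.findtext("Version") or "").strip()
        m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", raw)
        if m is None:  # floating, range or centrally managed version: cannot be judged here
            findings.append((name, raw, None))
            continue
        ver = tuple(int(p) for p in m.groups())
        # Only the 7.0.x band is covered by the answer's list.
        open_cves = [c for fix in sorted(FIXED_IN) if ver[:2] == (7, 0) and ver < fix for c in FIXED_IN[fix]]
        if open_cves:
            findings.append((name, raw, open_cves))
    return findings

if __name__ == "__main__":
    for name, version, cves in audit(SAMPLE_CSPROJ):
        print(name, version, "not pinned, check manually" if cves is None else ", ".join(cves))
```

The SDK's own `dotnet list package --vulnerable` command reports advisories from the package feed and stays current as new fixes ship; the sketch above only encodes the versions named in the answer.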
Quote:
The package Microsoft.Extensions.Diagnostics.HealthChecks/7.0.4 is flagged as violating a policy for a high-level vulnerability. What should I do in this situation?
Probably what I would do: don't use it, just contact Microsoft and report the problem. It may be that the NuGet package is corrupted, or it's a false positive from whatever detected it (at a guess Visual Studio). Either way, it's an MS problem and only they can fix it.
Comments
Richard Deeming 8-Aug-23 8:27am    
It's not a false-positive - 7.0.4 is five versions out of date, and is affected by several serious security vulnerabilities. :)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)