CVEs are still being detected in SDK version 8.0.110

According to CVE-2024-38095 advisory, it has been fixed in version 8.0.7, however Microsoft defender for Cloud is still flagging this as still susceptible in dotnet SDK version 8.0.110 running in Ubuntu 24.04. Any advise when this is going to be addressed if it is not another false positive at all? Many thanks. 

CVE-2024-38095
Evidence
/usr/lib/dotnet/sdk/8.0.110/DotnetTools/dotnet-user-jwts/8.0.10-servicing.24468.4/tools/net8.0/any/dotnet-user-jwts.deps.json

Vendor: system.formats.asn1
Installed version: 5.0.0.0

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xmlns="http://www.w3.org/TR/REC-html40">

Plus the following detected for .NET Core

CVE-2024-43483
CVE-2024-43484
CVE-2024-43485




































































Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVEs are still being detected in SDK version 8.0.110 #1454

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVEs are still being detected in SDK version 8.0.110 #1454

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions