Expected behavior
No security vulnerabilities should be present in the current version of Application Insights.
Actual behavior
The current version of the Application Insights Java agent uses a vulnerable version of logback-core (1.3.14) which contains CVE-2024-12798, allowing potential arbitrary code execution through the JaninoEventEvaluator component.
To Reproduce
I generated a base image using Application Insights and, upon scanning the image with Trivy, I found this vulnerability.
System information
Please provide the following information:
SDK Version:
OS type and version: Linux, redhat
Application Server type and version (if applicable): 3.6.2
Using spring-boot? yes
Additional relevant libraries (with version, if applicable): logback
Screenshots