## Microsoft Azure WebJobs Host Storage Package Exposes Critical 7.5-Severity Vulnerabilities
A critical security exposure has been identified within the Microsoft Azure WebJobs Host Storage package, version 3.0.14, with the highest severity vulnerability scoring 7.5 on the CVSS scale. The vulnerabilities are flagged as 'reachable,' indicating the flawed code paths are accessible and exploitable within the application's runtime environment. This finding originates from a dependency scan of a Microsoft Teams application project, specifically the `CompanyCommunicator.Send.Func.Test.csproj`, pinpointing the vulnerable library within the NuGet package ecosystem.

The core issue stems from a transitive dependency on `system.text.regularexpressions.4.3.0.nupkg`. The specific vulnerability, tracked as CVE-2024-21907, is embedded in this widely used .NET framework component. The presence of this flaw in a core Azure serverless hosting package (`microsoft.azure.webjobs.host.storage`) raises immediate concerns for any cloud application built on this stack, as it forms a foundational part of Azure Functions and related event-driven architectures.

This discovery places direct pressure on development and security teams using this package version to assess their exposure and implement remediation. While a fixed version may be available, the 'reachable' status significantly increases the operational risk, potentially allowing for denial-of-service attacks or remote code execution depending on the CVE's specifics. The incident underscores the persistent challenge of securing complex software supply chains, even within major cloud providers' own curated SDKs and hosting environments.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: cybersecurity, vulnerability, azure, supply-chain, cve
- **Credibility**: unverified
- **Published**: 2026-04-01 13:27:26
- **ID**: 45413
- **URL**: https://whisperx.ai/en/intel/45413