Current version 3.6.2 has 1 CVE: CVE-2024-12798

### Expected behavior
No security vulnerabilities should be present in the current version of Application Insights.

### Actual behavior
The current version of Application Insights Java agent uses a vulnerable version of logback-core (1.3.14) which contains CVE-2024-12798, allowing potential arbitrary code execution through JaninoEventEvaluator component.

### To Reproduce
I generated a base image using Application Insights and, upon scanning the image with Trivy, I found this vulnerability.

### System information
Please provide the following information:
 - SDK Version:
 - OS type and version: Linux, redhat
 - Application Server type and version (if applicable): 3.6.2
 - Using spring-boot? yes
 - Additional relevant libraries (with version, if applicable): logback

### Screenshots
![Image](https://github.com/user-attachments/assets/c2d11719-b90d-4e31-b8c0-aac1e8066509)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Current version 3.6.2 has 1 CVE: CVE-2024-12798 #3993

Expected behavior

Actual behavior

To Reproduce

System information

Screenshots

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Current version 3.6.2 has 1 CVE: CVE-2024-12798 #3993

Description

Expected behavior

Actual behavior

To Reproduce

System information

Screenshots

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions