Reactive ETL is a rewrite of Rhino ETL using the reactive extensions for .Net.
License: GNU Lesser General Public License v2.1
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
Vulnerable Library - system.security.cryptography.xml.5.0.0.nupkgProvides classes to support the creation and validation of XML digital signatures. The classes in th...
Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.5.0.0.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /tmp/ws-ua_20220818174009_PXRZWG/dotnet_XPYLEP/20220818174009/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: a70fe25c1d666bbc710f7afb4504555b8e624ae7
Found in base branch: master
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2m65-m22p-9wjw
Release Date: 2022-08-09
Fix Resolution: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that...
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: ReactiveETL/ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 3df7d415fad19a791e8f65646788d6be1273a336
Found in base branch: master
Vulnerability Details
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
Publish Date: 2018-10-10
URL: CVE-2018-8292
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: dotnet/announcements#88
Release Date: 2018-10-10
Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - sharpcompress.0.23.0.nupkgSharpCompress is a compression library for NET Standard 1.0 that can unrar, decompress 7zip, decompr...
Library home page: https://api.nuget.org/packages/sharpcompress.0.23.0.nupkg
Path to dependency file: ReactiveETL/ReactiveETL.MongoDb/ReactiveETL.MongoDb.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sharpcompress/0.23.0/sharpcompress.0.23.0.nupkg,/tmp/ws-ua_20211019122633_UKMWTO/dotnet_QHYYHL/20211019122633/sharpcompress/0.23.0/sharpcompress.0.23.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 5997762068ef8908589cfd4bb47853a4849001ae
Found in base branch: master
Vulnerability Details
SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to prevent extraction outside the destination directory the destinationFileName path is verified to begin with fullDestinationDirectoryPath. However, prior to version 0.29.0, it is not enforced that fullDestinationDirectoryPath ends with slash. If the destinationDirectory is not slash terminated like /home/user/dir it is possible to create a file with a name thats begins as the destination directory one level up from the directory, i.e. /home/user/dir.sh. Because of the file name and destination directory constraints the arbitrary file creation impact is limited and depends on the use case. This issue is fixed in SharpCompress version 0.29.0.
Publish Date: 2021-09-16
URL: CVE-2021-39208
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-jp7f-grcv-6mjf
Release Date: 2021-09-16
Fix Resolution: SharpCompress - 0.29.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - newtonsoft.json.9.0.1.nupkgJson.NET is a popular high-performance JSON framework for .NET
Library home page: https://api.nuget.org/packages/newtonsoft.json.9.0.1.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/newtonsoft.json/9.0.1/newtonsoft.json.9.0.1.nupkg
Dependency Hierarchy:
Found in HEAD commit: 3df7d415fad19a791e8f65646788d6be1273a336
Found in base branch: master
Vulnerability Details
Improper Handling of Exceptional Conditions in Newtonsoft.Json.
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
Publish Date: 2022-06-22
URL: WS-2022-0161
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5crp-9r3c-p9vr
Release Date: 2022-06-22
Fix Resolution: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - azure.identity.1.7.0.nupkgThis is the implementation of the Azure SDK Client Library for Azure Identity
Library home page: https://api.nuget.org/packages/azure.identity.1.7.0.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.7.0/azure.identity.1.7.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 96e780a1c4e662653b04786f5caa2bf7f8e88063
Found in base branch: master
Vulnerability Details
Azure Identity SDK Remote Code Execution Vulnerability
Publish Date: 2023-10-10
URL: CVE-2023-36414
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-36414
Release Date: 2023-10-10
Fix Resolution: Azure.Identity - 1.10.2
Step up your Open Source Security Game with Mend here
Vulnerable Library - system.security.cryptography.pkcs.6.0.1.nupkgProvides support for PKCS and CMS algorithms.
Commonly Used Types:
System.Security.Cryptography.Pkcs.EnvelopedCms
Library home page: https://api.nuget.org/packages/system.security.cryptography.pkcs.6.0.1.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.pkcs/6.0.1/system.security.cryptography.pkcs.6.0.1.nupkg
Dependency Hierarchy:
Found in HEAD commit: 96e780a1c4e662653b04786f5caa2bf7f8e88063
Found in base branch: master
Vulnerability Details
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Publish Date: 2023-06-14
URL: CVE-2023-29331
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-555c-2p6r-68mm
Release Date: 2023-06-14
Fix Resolution: Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2
Step up your Open Source Security Game with Mend here
Vulnerable Library - system.security.cryptography.pkcs.6.0.1.nupkgProvides support for PKCS and CMS algorithms.
Commonly Used Types:
System.Security.Cryptography.Pkcs.EnvelopedCms
Library home page: https://api.nuget.org/packages/system.security.cryptography.pkcs.6.0.1.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.pkcs/6.0.1/system.security.cryptography.pkcs.6.0.1.nupkg
Dependency Hierarchy:
Found in HEAD commit: 086245280f7295cbe5b03039ddbe2724476faa14
Found in base branch: master
Vulnerability Details
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Publish Date: 2023-06-14
URL: CVE-2023-29331
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-555c-2p6r-68mm
Release Date: 2023-06-14
Fix Resolution: Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2
Step up your Open Source Security Game with Mend here
The ReactiveETL is avaliable on Nuget?
Are there any other documentation sources I could reference for this project? Seems interesting but I've been having a hard time learning how to do basic SQL operations such as joins.
Vulnerable Library - system.text.regularexpressions.4.3.0.nupkgProvides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...
Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg
Path to dependency file: ReactiveETL/ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 3df7d415fad19a791e8f65646788d6be1273a336
Found in base branch: master
Vulnerability Details
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Publish Date: 2019-05-16
URL: CVE-2019-0820
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
I seems that this file has some error, I can't build it
such as
public void Dispose() => doDispose();
my vs2013 and net4.5 can't use it
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
