CVE-2022-34716 - Medium Severity Vulnerability
Vulnerable Library - system.security.cryptography.xml.5.0.0.nupkg
Provides classes to support the creation and validation of XML digital signatures. The classes in th...
Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.5.0.0.nupkg
Path to dependency file: /ReactiveETL.Tests/ReactiveETL.Tests.csproj
Path to vulnerable library: /tmp/ws-ua_20220818174009_PXRZWG/dotnet_XPYLEP/20220818174009/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg
Dependency Hierarchy:
- shouldly.4.0.3.nupkg (Root Library)
- diffengine.6.4.9.nupkg
- microsoft.windows.compatibility.5.0.0.nupkg
- system.servicemodel.primitives.4.7.0.nupkg
- system.private.servicemodel.4.7.0.nupkg
- โ system.security.cryptography.xml.5.0.0.nupkg (Vulnerable Library)
Found in HEAD commit: a70fe25c1d666bbc710f7afb4504555b8e624ae7
Found in base branch: master
Vulnerability Details
.NET Spoofing Vulnerability.
Publish Date: 2022-08-09
URL: CVE-2022-34716
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-2m65-m22p-9wjw
Release Date: 2022-08-09
Fix Resolution: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1
Step up your Open Source Security Game with Mend here