Git Product home page Git Product logo

ua-.netstandardlibrary's People

Contributors

alinmoldovean avatar archie-miller avatar barnstee avatar bhnaphade avatar cacamille3 avatar dependabot[bot] avatar dk2129 avatar eddig avatar jh-isw avatar kevinjhang avatar kircmax avatar koepalex avatar marcschier avatar markushorstmann avatar md-v avatar mregen avatar mrsuciu avatar mtx500 avatar nathanpocock avatar niveditha-sooda avatar opcfoundation-org avatar oscarreynhout avatar randy-armstrong avatar romanett avatar saurla avatar sbaeumler avatar sebastianbaeumler avatar thomasnehring avatar timjoehnk avatar zigby avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

ua-.netstandardlibrary's Issues

This is a test of the new template

Type of issue

  • Bug
  • Enhancement
  • Compliance
  • Question
  • Help wanted

Current Behavior

The current behavior is

Expected Behavior

No response

Steps To Reproduce

No response

Environment

- OS:
- Environment:
- Runtime:
- NugetVersion:
- Component:
- Server:
- Client:

Anything else?

No response

CVE-2021-26701 (High) detected in system.text.encodings.web.4.5.0.nupkg, system.text.encodings.web.4.5.0.nupkg

CVE-2021-26701 - High Severity Vulnerability

Vulnerable Libraries - system.text.encodings.web.4.5.0.nupkg, system.text.encodings.web.4.5.0.nupkg

system.text.encodings.web.4.5.0.nupkg

Provides types for encoding and escaping strings for use in JavaScript, HyperText Markup Language (H...

Library home page: https://api.nuget.org/packages/system.text.encodings.web.4.5.0.nupkg

Path to dependency file: /Applications/ReferenceClient/Reference Client.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg

Dependency Hierarchy:

  • OPCFoundation.NetStandard.Opc.Ua.Bindings.Https.Debug-1.4.360-preview-20211229 (Root Library)
    • microsoft.aspnetcore.server.kestrel.2.2.0.nupkg
      • microsoft.aspnetcore.hosting.2.2.0.nupkg
        • microsoft.aspnetcore.http.2.2.0.nupkg
          • microsoft.aspnetcore.webutilities.2.2.0.nupkg
            • system.text.encodings.web.4.5.0.nupkg (Vulnerable Library)
system.text.encodings.web.4.5.0.nupkg

Provides types for encoding and escaping strings for use in JavaScript, HyperText Markup Language (H...

Library home page: https://api.nuget.org/packages/system.text.encodings.web.4.5.0.nupkg

Path to dependency file: /Applications/ConsoleReferenceServer/ConsoleReferenceServer.csproj

Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.text.encodings.web/4.5.0/system.text.encodings.web.4.5.0.nupkg

Dependency Hierarchy:

  • microsoft.aspnetcore.server.kestrel.https.2.2.0.nupkg (Root Library)
    • microsoft.aspnetcore.http.abstractions.2.2.0.nupkg
      • system.text.encodings.web.4.5.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112.

Publish Date: 2021-02-25

URL: CVE-2021-26701

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: dotnet/announcements#178

Release Date: 2021-02-25

Fix Resolution: System.Text.Encodings.Web - 4.5.1,4.7.2,5.0.1

Step up your Open Source Security Game with WhiteSource here

WS-2022-0161 (High) detected in nerdbank.gitversioning.3.2.31.nupkg

WS-2022-0161 - High Severity Vulnerability

Vulnerable Library - nerdbank.gitversioning.3.2.31.nupkg

Stamps your assemblies with semver 2.0 compliant git commit specific version information and provide...

Library home page: https://api.nuget.org/packages/nerdbank.gitversioning.3.2.31.nupkg

Path to dependency file: /Applications/ConsoleReferenceServer/ConsoleReferenceServer.csproj

Path to vulnerable library: /nerdbank.gitversioning/3.2.31/nerdbank.gitversioning.3.2.31.nupkg

Dependency Hierarchy:

  • nerdbank.gitversioning.3.2.31.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Found in base branch: master

Vulnerability Details

Improper Handling of Exceptional Conditions in Newtonsoft.Json.
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.

Publish Date: 2022-06-22

URL: WS-2022-0161

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-06-22

Fix Resolution: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0

Step up your Open Source Security Game with Mend here

CVE-2020-1045 (High) detected in microsoft.aspnetcore.http.2.1.1.nupkg

CVE-2020-1045 - High Severity Vulnerability

Vulnerable Library - microsoft.aspnetcore.http.2.1.1.nupkg

ASP.NET Core default HTTP feature implementations.

Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.http.2.1.1.nupkg

Path to dependency file: /Applications/ConsoleReferenceServer/ConsoleReferenceServer.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.http/2.1.1/microsoft.aspnetcore.http.2.1.1.nupkg

Dependency Hierarchy:

  • microsoft.aspnetcore.server.kestrel.2.1.3.nupkg (Root Library)
    • microsoft.aspnetcore.hosting.2.1.1.nupkg
      • microsoft.aspnetcore.http.2.1.1.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.

Publish Date: 2020-09-11

URL: CVE-2020-1045

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: dotnet/announcements#165

Release Date: 2020-10-02

Fix Resolution: Microsoft.AspNetCore.App - 2.1.22, Microsoft.AspNetCore.All - 2.1.22,Microsoft.NETCore.App - 2.1.22, Microsoft.AspNetCore.Http - 2.1.22

Step up your Open Source Security Game with WhiteSource here

CVE-2019-1302 (High) detected in microsoft.netcore.app.2.1.0.nupkg

CVE-2019-1302 - High Severity Vulnerability

Vulnerable Library - microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a...

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

Publish Date: 2019-09-11

URL: CVE-2019-1302

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: aspnet/Announcements#384

Release Date: 2019-09-12

Fix Resolution: Microsoft.AspNetCore.SpaServices - 2.2.1,2.1.2

Step up your Open Source Security Game with WhiteSource here

CVE-2019-0564 (High) detected in microsoft.netcore.app.2.1.0.nupkg

CVE-2019-0564 - High Severity Vulnerability

Vulnerable Library - microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a...

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

Publish Date: 2019-01-08

URL: CVE-2019-0564

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: aspnet/Announcements#334

Release Date: 2019-01-11

Fix Resolution: Microsoft.AspNetCore.WebSockets - 2.1.7,2.2.1;Microsoft.AspNetCore.Server.Kestrel.Core - 2.1.7;System.Net.WebSockets.WebSocketProtocol - 4.5.3;Microsoft.NETCore.App - 2.1.7,2.2.1;Microsoft.AspNetCore.App - 2.1.7,2.2.1;Microsoft.AspNetCore.All - 2.1.7,2.2.1

Step up your Open Source Security Game with WhiteSource here

CVE-2018-8409 (High) detected in system.io.pipelines.4.5.0.nupkg

CVE-2018-8409 - High Severity Vulnerability

Vulnerable Library - system.io.pipelines.4.5.0.nupkg

Single producer single consumer byte buffer management.

Commonly Used Types:
System.IO.Pipelines.Pi...

Library home page: https://api.nuget.org/packages/system.io.pipelines.4.5.0.nupkg

Path to dependency file: UA-.NetStandardLibrary/Applications/ConsoleReferenceServer/ConsoleReferenceServer.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.io.pipelines/4.5.0/system.io.pipelines.4.5.0.nupkg

Dependency Hierarchy:

  • microsoft.aspnetcore.server.kestrel.https.2.1.3.nupkg (Root Library)
    • microsoft.aspnetcore.server.kestrel.core.2.1.25.nupkg
      • microsoft.aspnetcore.server.kestrel.transport.abstractions.2.1.3.nupkg
        • microsoft.aspnetcore.connections.abstractions.2.1.3.nupkg
          • system.io.pipelines.4.5.0.nupkg (Vulnerable Library)

Found in HEAD commit: 270966e8b42cf312df9cf6cfd3760e50a9469330

Vulnerability Details

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

Publish Date: 2018-09-13

URL: CVE-2018-8409

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8409

Release Date: 2018-09-13

Fix Resolution: System.IO.Pipelines-4.5.1, Microsoft.AspNetCore.All-2.1.4, Microsoft.AspNetCore.App-2.1.4

Step up your Open Source Security Game with WhiteSource here

CVE-2020-1147 (High) detected in microsoft.netcore.app.2.1.0.nupkg

CVE-2020-1147 - High Severity Vulnerability

Vulnerable Library - microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a...

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Publish Date: 2020-07-14

URL: CVE-2020-1147

CVSS 3 Score Details (7.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: dotnet/announcements#159

Release Date: 2020-07-14

Fix Resolution: microsoft.aspnetcore.all - 2.1.20;microsoft.netcore.app - 2.1.20;microsoft.aspnetcore.app - 2.1.20

Step up your Open Source Security Game with WhiteSource here

CVE-2019-0545 (High) detected in microsoft.netcore.app.2.1.0.nupkg

CVE-2019-0545 - High Severity Vulnerability

Vulnerable Library - microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a...

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.

Publish Date: 2019-01-08

URL: CVE-2019-0545

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: dotnet/announcements#94

Release Date: 2019-01-14

Fix Resolution: Microsoft.NETCore.App - 2.1.7,2.2.1

Step up your Open Source Security Game with WhiteSource here

CVE-2019-0548 (High) detected in multiple libraries

CVE-2019-0548 - High Severity Vulnerability

Vulnerable Libraries - microsoft.netcore.dotnetapphost.2.1.0.nupkg, microsoft.netcore.app.2.1.0.nupkg, microsoft.netcore.dotnethostpolicy.2.1.0.nupkg, microsoft.netcore.dotnethostresolver.2.1.0.nupkg

microsoft.netcore.dotnetapphost.2.1.0.nupkg

Provides the .NET Core app bootstrapper intended for use in the application directory caa7b7e2bad98...

Library home page: https://api.nuget.org/packages/microsoft.netcore.dotnetapphost.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.netcore.dotnetapphost/2.1.0/microsoft.netcore.dotnetapphost.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Root Library)
    • microsoft.netcore.dotnethostpolicy.2.1.0.nupkg
      • microsoft.netcore.dotnethostresolver.2.1.0.nupkg
        • microsoft.netcore.dotnetapphost.2.1.0.nupkg (Vulnerable Library)
microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a...

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Vulnerable Library)
microsoft.netcore.dotnethostpolicy.2.1.0.nupkg

Provides a CoreCLR hosting policy implementation -- configuration settings, assembly paths and assem...

Library home page: https://api.nuget.org/packages/microsoft.netcore.dotnethostpolicy.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.netcore.dotnethostpolicy/2.1.0/microsoft.netcore.dotnethostpolicy.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Root Library)
    • microsoft.netcore.dotnethostpolicy.2.1.0.nupkg (Vulnerable Library)
microsoft.netcore.dotnethostresolver.2.1.0.nupkg

Provides an implementation of framework resolution strategy used by Microsoft.NETCore.DotNetHost ca...

Library home page: https://api.nuget.org/packages/microsoft.netcore.dotnethostresolver.2.1.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.netcore.dotnethostresolver/2.1.0/microsoft.netcore.dotnethostresolver.2.1.0.nupkg

Dependency Hierarchy:

  • microsoft.netcore.app.2.1.0.nupkg (Root Library)
    • microsoft.netcore.dotnethostpolicy.2.1.0.nupkg
      • microsoft.netcore.dotnethostresolver.2.1.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564.

Publish Date: 2019-01-08

URL: CVE-2019-0548

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: aspnet/Announcements#335

Release Date: 2019-01-15

Fix Resolution: Microsoft.AspNetCore.SignalR - 1.1.0; Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets - 2.2.1; Microsoft.AspNetCore.Server.IIS - 2.2.1; Microsoft.AspNetCore.Server.IISIntegration - 2.2.1;Microsoft.AspNetCore.Server.Kestrel.Core - 2.1.7

Step up your Open Source Security Game with WhiteSource here

CVE-2019-0820 (High) detected in system.text.regularexpressions.4.3.0.nupkg

CVE-2019-0820 - High Severity Vulnerability

Vulnerable Library - system.text.regularexpressions.4.3.0.nupkg

Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...

Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg

Path to dependency file: /Tests/Opc.Ua.Security.Certificates.Tests/Opc.Ua.Security.Certificates.Tests.csproj

Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Dependency Hierarchy:

  • moq.4.16.1.nupkg (Root Library)
    • castle.core.4.4.0.nupkg
      • system.xml.xmldocument.4.3.0.nupkg
        • system.xml.readerwriter.4.3.0.nupkg
          • system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library)

Found in HEAD commit: cc7c7249fb08f768b869a09371e53abf3b2c2047

Vulnerability Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.

Publish Date: 2019-05-16

URL: CVE-2019-0820

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cmhx-cq75-c4mj

Release Date: 2020-08-24

Fix Resolution: System.Text.RegularExpressions - 4.3.1

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.