CVE-2023-36558 (Medium) detected in microsoft.aspnetcore.components.7.0.9.nupkg - autoclosed
mend-bolt-for-github opened this issue · comments
CVE-2023-36558 - Medium Severity Vulnerability
Vulnerable Library - microsoft.aspnetcore.components.7.0.9.nupkg
Components feature for ASP.NET Core.
This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/b506e2cb7b6c0fe787305f8cfdee046b7b3f9a53
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.7.0.9.nupkg
Path to dependency file: /src/Server/BlazorBoilerplate.Server/BlazorBoilerplate.Server.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components/7.0.9/microsoft.aspnetcore.components.7.0.9.nupkg
Dependency Hierarchy:
- ❌ microsoft.aspnetcore.components.7.0.9.nupkg (Vulnerable Library)
Found in HEAD commit: fb0edc2b05ad3543ffd7d76d1793f1f969f2d07c
Found in base branch: master
Vulnerability Details
ASP.NET Core - Security Feature Bypass Vulnerability
Publish Date: 2023-11-14
URL: CVE-2023-36558
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: GHSA-3fx3-85r4-8j3w
Release Date: 2023-11-14
Fix Resolution: Microsoft.AspNetCore.Components - 6.0.25,7.0.14,8.0.0
Step up your Open Source Security Game with Mend here
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.