microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg: 1 vulnerabilities (highest severity is: 7.5) - autoclosed
mend-bolt-for-github opened this issue · comments
Vulnerable Library - microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Development server for use when building Blazor applications.
This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/d47e49e9c1e173ac90821f7e89cc38e710274241
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Path to dependency file: /CertRenewal/CertRenewal/CertRenewal.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components.webassembly.devserver/7.0.5/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Vulnerabilities
CVE | Severity | CVSS | Dependency | Type | Fixed in (microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg version) | Remediation Available |
---|---|---|---|---|---|---|
CVE-2023-29331 | High | 7.5 | microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg | Direct | Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2 | ❌ |
Details
CVE-2023-29331
Vulnerable Library - microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Development server for use when building Blazor applications.
This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/d47e49e9c1e173ac90821f7e89cc38e710274241
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Path to dependency file: /CertRenewal/CertRenewal/CertRenewal.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components.webassembly.devserver/7.0.5/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg
Dependency Hierarchy:
- ❌ microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg (Vulnerable Library)
Found in base branch: main
Vulnerability Details
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Publish Date: 2023-06-14
URL: CVE-2023-29331
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-555c-2p6r-68mm
Release Date: 2023-06-14
Fix Resolution: Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2
Step up your Open Source Security Game with Mend here
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.