Giters

sujithq / cert-renewal

Certification Renewal

Home Page:https://sujithq.github.io/cert-renewal/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

mend-bolt-for-github opened this issue · comments

commented
Vulnerable Library - microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Development server for use when building Blazor applications.

This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/d47e49e9c1e173ac90821f7e89cc38e710274241

Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Path to dependency file: /CertRenewal/CertRenewal/CertRenewal.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components.webassembly.devserver/7.0.5/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg version) Remediation Available
CVE-2023-29331 High 7.5 microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg Direct Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2

Details

CVE-2023-29331

Vulnerable Library - microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Development server for use when building Blazor applications.

This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/d47e49e9c1e173ac90821f7e89cc38e710274241

Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Path to dependency file: /CertRenewal/CertRenewal/CertRenewal.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components.webassembly.devserver/7.0.5/microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg

Dependency Hierarchy:

  • microsoft.aspnetcore.components.webassembly.devserver.7.0.5.nupkg (Vulnerable Library)

Found in base branch: main

Vulnerability Details

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

Publish Date: 2023-06-14

URL: CVE-2023-29331

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-555c-2p6r-68mm

Release Date: 2023-06-14

Fix Resolution: Microsoft.NetCore.App.Runtime.linux-arm - 6.0.18,7.0.7, Microsoft.Windows.Compatibility - 6.0.6,7.0.3, System.Security.Cryptography.Pkcs - 6.0.3,7.0.2

Step up your Open Source Security Game with Mend here

commented

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.