Open mend-bolt-for-github[bot] opened 1 year ago
microsoft.owin.3.0.1.nupkg
Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.3.0.1.nupkg
Path to dependency file: /src/Hangfire.Core/Hangfire.Core.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/3.0.1/microsoft.owin.3.0.1.nupkg,/ckages/microsoft.owin/3.0.1/microsoft.owin.3.0.1.nupkg
Dependency Hierarchy: - :x: **microsoft.owin.3.0.1.nupkg** (Vulnerable Library)
Library home page: https://api.nuget.org/packages/microsoft.owin.4.0.0.nupkg
Path to dependency file: /samples/ConsoleSample/ConsoleSample.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/4.0.0/microsoft.owin.4.0.0.nupkg
Dependency Hierarchy: - hangfire.sqlserver.msmq.1.0.0.nupkg (Root Library) - hangfire.sqlserver.1.0.0.nupkg - hangfire.core.1.0.0.nupkg - :x: **microsoft.owin.4.0.0.nupkg** (Vulnerable Library)
Found in HEAD commit: f0cec62ac603399e31e46b9b6fc80363d263488a
Found in base branch: master
.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2022-05-10
URL: CVE-2022-29117
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
Release Date: 2022-05-10
Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2
Step up your Open Source Security Game with Mend here
CVE-2022-29117 - High Severity Vulnerability
Vulnerable Libraries - microsoft.owin.3.0.1.nupkg, microsoft.owin.4.0.0.nupkg
microsoft.owin.3.0.1.nupkg
Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.3.0.1.nupkg
Path to dependency file: /src/Hangfire.Core/Hangfire.Core.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/3.0.1/microsoft.owin.3.0.1.nupkg,/ckages/microsoft.owin/3.0.1/microsoft.owin.3.0.1.nupkg
Dependency Hierarchy: - :x: **microsoft.owin.3.0.1.nupkg** (Vulnerable Library)
microsoft.owin.4.0.0.nupkg
Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.4.0.0.nupkg
Path to dependency file: /samples/ConsoleSample/ConsoleSample.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/4.0.0/microsoft.owin.4.0.0.nupkg
Dependency Hierarchy: - hangfire.sqlserver.msmq.1.0.0.nupkg (Root Library) - hangfire.sqlserver.1.0.0.nupkg - hangfire.core.1.0.0.nupkg - :x: **microsoft.owin.4.0.0.nupkg** (Vulnerable Library)
Found in HEAD commit: f0cec62ac603399e31e46b9b6fc80363d263488a
Found in base branch: master
Vulnerability Details
.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2022-05-10
URL: CVE-2022-29117
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
Release Date: 2022-05-10
Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2
Step up your Open Source Security Game with Mend here