Open mend-for-github-com[bot] opened 1 year ago
Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.4.1.1.nupkg
Path to dependency file: /legacy/Umbraco.Tests/Umbraco.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/4.1.1/microsoft.owin.4.1.1.nupkg
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **microsoft.owin.4.1.1.nupkg** (Vulnerable Library)
Found in base branch: v10/contrib
.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2022-05-10
URL: CVE-2022-29117
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
Release Date: 2022-05-10
Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2
:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.
Vulnerable Library - microsoft.owin.4.1.1.nupkg
Provides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.4.1.1.nupkg
Path to dependency file: /legacy/Umbraco.Tests/Umbraco.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/4.1.1/microsoft.owin.4.1.1.nupkg
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-29117
### Vulnerable Library - microsoft.owin.4.1.1.nupkgProvides a set of helper types and abstractions for simplifying the creation of OWIN components.
Library home page: https://api.nuget.org/packages/microsoft.owin.4.1.1.nupkg
Path to dependency file: /legacy/Umbraco.Tests/Umbraco.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin/4.1.1/microsoft.owin.4.1.1.nupkg
Dependency Hierarchy: - :x: **microsoft.owin.4.1.1.nupkg** (Vulnerable Library)
Found in HEAD commit: 3779382600a590273050ede90af971d9ece62057
Found in base branch: v10/contrib
### Vulnerability Details.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2022-05-10
URL: CVE-2022-29117
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
Release Date: 2022-05-10
Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.:rescue_worker_helmet:Automatic Remediation will be attempted for this issue.