RwnRchrds / MyPortal

MyPortal Web Based MIS
GNU General Public License v3.0
1 stars 0 forks source link

CVE-2022-41032 (High) detected in nuget.protocol.5.11.0.nupkg - autoclosed #6

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2022-41032 - High Severity Vulnerability

Vulnerable Library - nuget.protocol.5.11.0.nupkg

NuGet's implementation for interacting with feeds. Contains functionality for all feed types.

Library home page: https://api.nuget.org/packages/nuget.protocol.5.11.0.nupkg

Path to dependency file: /MyPortalWeb/MyPortalWeb.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/nuget.protocol/5.11.0/nuget.protocol.5.11.0.nupkg

Dependency Hierarchy: - microsoft.visualstudio.web.codegeneration.design.6.0.2.nupkg (Root Library) - microsoft.visualstudio.web.codegenerators.mvc.6.0.2.nupkg - microsoft.visualstudio.web.codegeneration.6.0.2.nupkg - microsoft.visualstudio.web.codegeneration.entityframeworkcore.6.0.2.nupkg - microsoft.visualstudio.web.codegeneration.core.6.0.2.nupkg - microsoft.visualstudio.web.codegeneration.templating.6.0.2.nupkg - microsoft.visualstudio.web.codegeneration.utils.6.0.2.nupkg - microsoft.dotnet.scaffolding.shared.6.0.2.nupkg - nuget.projectmodel.5.11.0.nupkg - nuget.dependencyresolver.core.5.11.0.nupkg - :x: **nuget.protocol.5.11.0.nupkg** (Vulnerable Library)

Found in HEAD commit: b3e63ef18aec174fe59510d358df3544a5366f19

Found in base branch: master

Vulnerability Details

NuGet Client Elevation of Privilege Vulnerability.

Publish Date: 2022-10-11

URL: CVE-2022-41032

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-11

Fix Resolution: NuGet.CommandLine - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1;NuGet.Commands - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1;NuGet.Protocol - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1


Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.