search

UpendoVentures / Gamification-Module-Suite

A suite of modules that help to create and foster a community on your DNN-based website.
https://upendoventures.com/What/CMS/DNN
MIT License
0 stars 0 forks source link

DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) - autoclosed #22

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago
Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll

DotNetNuke.Modules.DigitalAssets

Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg

Path to vulnerable library: /References/DNN/09.08.00/DotNetNuke.Modules.DigitalAssets.dll

Found in HEAD commit: 0bc8705a3c3524a4b4a75d9f6120502aab4494d6

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (DotNetNuke.Modules.DigitalAssets version) Remediation Possible**
CVE-2022-47053 Medium 5.4 DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll Direct DotNetNuke.Bundle - 9.11.0

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-47053 ### Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll

DotNetNuke.Modules.DigitalAssets

Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg

Path to vulnerable library: /References/DNN/09.08.00/DotNetNuke.Modules.DigitalAssets.dll

Dependency Hierarchy: - :x: **DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll** (Vulnerable Library)

Found in HEAD commit: 0bc8705a3c3524a4b4a75d9f6120502aab4494d6

Found in base branch: dev

### Vulnerability Details

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Publish Date: 2023-04-12

URL: CVE-2022-47053

### CVSS 3 Score Details (5.4)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

Release Date: 2023-04-12

Fix Resolution: DotNetNuke.Bundle - 9.11.0

Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.