mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #57
Closed mend-bolt-for-github[bot] closed 2 years ago
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #57
mend-bolt-for-github[bot]
commented
2 years ago :information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #57
Code Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Vulnerabilities
Details
CVE-2019-8331
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2020-11022
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2018-14040
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2018-20677
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2018-14042
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2.org.webjars:bootstrap:3.4.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2016-10735
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsIn Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Publish Date: 2019-01-09
URL: CVE-2016-10735
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2019-11358
### Vulnerable Library - microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkgCode Generators for ASP.NET Core MVC. Contains code generators for MVC Controllers and Views.
Library home page: https://api.nuget.org/packages/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Path to vulnerable library: /obj/pkgs/microsoft.visualstudio.web.codegenerators.mvc/2.1.7/microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg
Dependency Hierarchy: - :x: **microsoft.visualstudio.web.codegenerators.mvc.2.1.7.nupkg** (Vulnerable Library)
Found in HEAD commit: ebe7c6237e41b2d6f63ad16df6b50fa372ea6b4d
Found in base branch: main
### Vulnerability DetailsjQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
### CVSS 3 Score Details (6.1)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: 3.4.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)