A library for using Font Awesome in WPF & Windows Forms applications
376
stars
87
forks
source link
CVE-2022-26907 (Medium) detected in microsoft.rest.clientruntime.2.3.20.nupkg, nuke.common.6.1.1.nupkg #116
Closed
mend-bolt-for-github[bot] closed 4 months ago
CVE-2022-26907 - Medium Severity Vulnerability
Vulnerable Libraries - microsoft.rest.clientruntime.2.3.20.nupkg, nuke.common.6.1.1.nupkg
microsoft.rest.clientruntime.2.3.20.nupkg
Infrastructure for error handling, tracing, and HttpClient pipeline configuration. Required by clien...
Library home page: https://api.nuget.org/packages/microsoft.rest.clientruntime.2.3.20.nupkg
Path to dependency file: /build/_build.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.rest.clientruntime/2.3.20/microsoft.rest.clientruntime.2.3.20.nupkg
Dependency Hierarchy: - nuke.common.6.1.1.nupkg (Root Library) - microsoft.azure.keyvault.3.0.4.nupkg - microsoft.rest.clientruntime.azure.3.3.18.nupkg - :x: **microsoft.rest.clientruntime.2.3.20.nupkg** (Vulnerable Library)
nuke.common.6.1.1.nupkg
Cross-platform build automation system Signed by signpath.io from repository 'https://github.com/nuk...
Library home page: https://api.nuget.org/packages/nuke.common.6.1.1.nupkg
Path to dependency file: /build/_build.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/nuke.common/6.1.1/nuke.common.6.1.1.nupkg
Dependency Hierarchy: - :x: **nuke.common.6.1.1.nupkg** (Vulnerable Library)
Found in HEAD commit: 300ffe1d117d8271fbdec90f09da40d1cdf2e105
Found in base branch: main
Vulnerability Details
Azure SDK for .NET Information Disclosure Vulnerability
Publish Date: 2022-04-15
URL: CVE-2022-26907
CVSS 3 Score Details (5.3)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-26907
Release Date: 2022-04-15
Fix Resolution: Microsoft.Rest.ClientRuntime - 2.3.24
Step up your Open Source Security Game with Mend here