search

clindseywsdemo / DotNET-eShop-Core

MIT License
0 stars 0 forks source link

BlazorAdmin-1.0.0: 1 vulnerabilities (highest severity is: 6.2) #84

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - BlazorAdmin-1.0.0

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components/6.0.4/microsoft.aspnetcore.components.6.0.4.nupkg

Found in HEAD commit: 9fd8dea5c0669a85391baba4982053cfe87d6485

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (BlazorAdmin version) Remediation Possible**
CVE-2023-36558 Medium 6.2 microsoft.aspnetcore.components.6.0.4.nupkg Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-36558 ### Vulnerable Library - microsoft.aspnetcore.components.6.0.4.nupkg

Components feature for ASP.NET Core. This package was built from the source code at https://github....

Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.6.0.4.nupkg

Path to dependency file: /src/Web/Web.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components/6.0.4/microsoft.aspnetcore.components.6.0.4.nupkg

Dependency Hierarchy: - BlazorAdmin-1.0.0 (Root Library) - blazorshared.1.0.0.nupkg - blazorinputfile.0.2.0.nupkg - :x: **microsoft.aspnetcore.components.6.0.4.nupkg** (Vulnerable Library)

Found in HEAD commit: 9fd8dea5c0669a85391baba4982053cfe87d6485

Found in base branch: main

### Vulnerability Details

ASP.NET Core - Security Feature Bypass Vulnerability

Publish Date: 2023-11-14

URL: CVE-2023-36558

### CVSS 3 Score Details (6.2)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-3fx3-85r4-8j3w

Release Date: 2023-11-14

Fix Resolution: Microsoft.AspNetCore.Components - 6.0.25,7.0.14,8.0.0