Open mend-for-github-com[bot] opened 1 month ago
SDK for building and publishing WebAssembly applications.
Library home page: https://api.nuget.org/packages/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Path to dependency file: /src/BlazorAdmin/BlazorAdmin.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.net.sdk.webassembly.pack/8.0.1/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Found in HEAD commit: 9fd8dea5c0669a85391baba4982053cfe87d6485
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Dependency Hierarchy: - :x: **microsoft.net.sdk.webassembly.pack.8.0.1.nupkg** (Vulnerable Library)
Found in base branch: main
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Publish Date: 2024-07-09
URL: CVE-2024-38081
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-hq7w-xv5x-g34j
Release Date: 2024-07-09
Fix Resolution: Microsoft.IO.Redist - 6.0.1
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules
Vulnerable Library - microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
SDK for building and publishing WebAssembly applications.
Library home page: https://api.nuget.org/packages/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Path to dependency file: /src/BlazorAdmin/BlazorAdmin.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.net.sdk.webassembly.pack/8.0.1/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Found in HEAD commit: 9fd8dea5c0669a85391baba4982053cfe87d6485
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-38081
### Vulnerable Library - microsoft.net.sdk.webassembly.pack.8.0.1.nupkgSDK for building and publishing WebAssembly applications.
Library home page: https://api.nuget.org/packages/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Path to dependency file: /src/BlazorAdmin/BlazorAdmin.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.net.sdk.webassembly.pack/8.0.1/microsoft.net.sdk.webassembly.pack.8.0.1.nupkg
Dependency Hierarchy: - :x: **microsoft.net.sdk.webassembly.pack.8.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: 9fd8dea5c0669a85391baba4982053cfe87d6485
Found in base branch: main
### Vulnerability Details.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Publish Date: 2024-07-09
URL: CVE-2024-38081
### CVSS 3 Score Details (7.3)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-hq7w-xv5x-g34j
Release Date: 2024-07-09
Fix Resolution: Microsoft.IO.Redist - 6.0.1
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules