[Snyk] Fix for 4 vulnerabilities - Githubissues

dotJEM / json-index

MIT License

7 stars 3 forks source link

[Snyk] Fix for 4 vulnerabilities #39

Closed snyk-bot closed 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `nuget` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- DotJEM.Json.Index.Test/packages.config

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Insecure Defaults SNYK-DOTNET-NEWTONSOFTJSON-2774678	Yes	Proof of Concept
	414/1000 Why? Has a fix available, CVSS 4	Directory Traversal SNYK-DOTNET-SHARPZIPLIB-2385702	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Directory Traversal SNYK-DOTNET-SHARPZIPLIB-2385941	Yes	No Known Exploit
	489/1000 Why? Has a fix available, CVSS 5.5	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-DOTNET-SHARPZIPLIB-60247	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal 🦉 Directory Traversal

blackduck-copilot[bot] commented 1 year ago

Black Duck Security Report

Merging #39 into master will not change security risk.

Added Components

Clean: 2

Click here to see full report