mend-bolt-for-github[bot]
commented
7 months ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2023-36558 - Medium Severity Vulnerability
Components feature for ASP.NET Core. This package was built from the source code at https://github.com/dotnet/aspnetcore/tree/b506e2cb7b6c0fe787305f8cfdee046b7b3f9a53
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.components.7.0.9.nupkg
Path to dependency file: /src/Server/BlazorBoilerplate.Server/BlazorBoilerplate.Server.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.components/7.0.9/microsoft.aspnetcore.components.7.0.9.nupkg
Dependency Hierarchy: - :x: **microsoft.aspnetcore.components.7.0.9.nupkg** (Vulnerable Library)
Found in HEAD commit: fb0edc2b05ad3543ffd7d76d1793f1f969f2d07c
Found in base branch: master
ASP.NET Core - Security Feature Bypass Vulnerability
Publish Date: 2023-11-14
URL: CVE-2023-36558
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3fx3-85r4-8j3w
Release Date: 2023-11-14
Fix Resolution: Microsoft.AspNetCore.Components - 6.0.25,7.0.14,8.0.0
Step up your Open Source Security Game with Mend here