search

haf / expecto

A smooth testing lib for F#. APIs made for humans! Strong testing methodologies for everyone!
Apache License 2.0
663 stars 96 forks source link

CVE-2022-41032 (High) detected in nuget.protocol.5.7.0.nupkg - autoclosed #440

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2022-41032 - High Severity Vulnerability

Vulnerable Library - nuget.protocol.5.7.0.nupkg

NuGet's implementation for interacting with feeds. Contains functionality for all feed types.

Library home page: https://api.nuget.org/packages/nuget.protocol.5.7.0.nupkg

Dependency Hierarchy: - :x: **nuget.protocol.5.7.0.nupkg** (Vulnerable Library)

Found in base branch: main

Vulnerability Details

NuGet Client Elevation of Privilege Vulnerability.

Publish Date: 2022-10-11

URL: CVE-2022-41032

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-10-11

Fix Resolution: NuGet.CommandLine - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1;NuGet.Commands - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1;NuGet.Protocol - 4.9.6,5.7.3,5.9.3,5.11.3,6.0.3,6.2.2,6.3.1

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.