jasonjberry / CDM

The Common Data Model (CDM) is a standard and extensible collection of schemas (entities, attributes, relationships) that represents business concepts and activities with well-defined semantics, to facilitate data interoperability. Examples of entities include: Account, Contact, Lead, Opportunity, Product, etc.
https://powerplatform.microsoft.com/en-us/common-data-model/
Creative Commons Attribution 4.0 International

CVE-2023-36566 (Medium) detected in microsoft.commondatamodel.objectmodel.1.1.0.nupkg, objectmodel-1.1.0.jar #58

Open mend-bolt-for-github[bot] opened 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2023-36566 - Medium Severity Vulnerability

Vulnerable Libraries - microsoft.commondatamodel.objectmodel.1.1.0.nupkg, objectmodel-1.1.0.jar

microsoft.commondatamodel.objectmodel.1.1.0.nupkg

The CSharp implementation of the Microsoft Common Data Model Object Model.

Library home page: https://api.nuget.org/packages/microsoft.commondatamodel.objectmodel.1.1.0.nupkg

Path to dependency file: /samples/4-read-local-save-adls/code-cs/read-local-save-adls/read-local-save-adls.csproj

Path to vulnerable library:
- /samples/4-read-local-save-adls/code-cs/read-local-save-adls/read-local-save-adls.csproj
- /samples/7-search-partition-pattern/code-cs/search-partition-pattern/search-partition-pattern.csproj
- /samples/3-customize-entities/code-cs/customize-manifest/customize-manifest.csproj
- /samples/5-configure-adapters/code-cs/configure-adapters/configure-adapters.csproj
- /samples/2-create-manifest/code-cs/create-manifest/create-manifest.csproj
- /samples/6-create-net-new-entities/code-cs/create-net-new-entities/create-net-new-entities.csproj
- /samples/1-read-manifest/code-cs/read-manifest/read-manifest.csproj
- /objectModel/CSharp/Microsoft.CommonDataModel.ObjectModel.Adapter.Adls/Microsoft.CommonDataModel.ObjectModel.Adapter.Adls.csproj
- /objectModel/CSharp/Microsoft.CommonDataModel.ObjectModel.Tests/Microsoft.CommonDataModel.ObjectModel.Tests.csproj

Dependency Hierarchy:
- :x: **microsoft.commondatamodel.objectmodel.1.1.0.nupkg** (Vulnerable Library)

objectmodel-1.1.0.jar

CDM SDK to work with semantic metadata of the Data

Library home page: https://github.com/Microsoft/CDM

Path to dependency file: /samples/7-search-partition-pattern/code-java/pom.xml

Path to vulnerable library: /er/.m2/repository/com/microsoft/commondatamodel/objectmodel/1.1.0/objectmodel-1.1.0.jar

Dependency Hierarchy:
- :x: **objectmodel-1.1.0.jar** (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Microsoft Common Data Model SDK Denial of Service Vulnerability

Publish Date: 2023-10-10

URL: CVE-2023-36566

CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-vm2m-7hpw-fpmq

Release Date: 2023-10-10

Fix Resolution: 1.7.4

