microsoft.owin.security.cookies.4.1.0.nupkg: 1 vulnerabilities (highest severity is: 8.7)

[mend-for-github-com[bot]]

Vulnerable Library - microsoft.owin.security.cookies.4.1.0.nupkg

Middleware that enables an application to use cookie based authentication, similar to ASP.NET's form...

Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.1.0.nupkg

Path to dependency file: /tests/VerifyMicrosoftPackage.Facts/VerifyMicrosoftPackage.Facts.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.1.0/microsoft.owin.security.cookies.4.1.0.nupkg

Vulnerabilities

CVE	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (microsoft.owin.security.cookies.4.1.0.nupkg version)	Remediation Possible**	Reachability
CVE-2022-29117	High	8.7	Unproven	0.2%	microsoft.owin.security.cookies.4.1.0.nupkg	Direct	Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-29117

### Vulnerable Library - microsoft.owin.security.cookies.4.1.0.nupkg

Middleware that enables an application to use cookie based authentication, similar to ASP.NET's form...

Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.1.0.nupkg

Path to dependency file: /tests/VerifyMicrosoftPackage.Facts/VerifyMicrosoftPackage.Facts.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.1.0/microsoft.owin.security.cookies.4.1.0.nupkg

Dependency Hierarchy: - :x: **microsoft.owin.security.cookies.4.1.0.nupkg** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

.NET and Visual Studio Denial of Service Vulnerability

Publish Date: 2022-05-10

URL: CVE-2022-29117

### Threat Assessment

Exploit Maturity: Unproven

EPSS: 0.2%

### CVSS 4 Score Details (8.7)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A

For more information on CVSS4 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

Release Date: 2022-05-10

Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2

In order to enable automatic remediation, please create workflow rules

---

In order to enable automatic remediation for this issue, please create workflow rules