NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
0
stars
0
forks
source link
microsoft.owin.security.cookies.4.1.0.nupkg: 1 vulnerabilities (highest severity is: 8.7) #56
Open
mend-for-github-com[bot] opened 1 year ago
Vulnerable Library - microsoft.owin.security.cookies.4.1.0.nupkg
Middleware that enables an application to use cookie based authentication, similar to ASP.NET's form...
Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.1.0.nupkg
Path to dependency file: /tests/VerifyMicrosoftPackage.Facts/VerifyMicrosoftPackage.Facts.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.1.0/microsoft.owin.security.cookies.4.1.0.nupkg
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-29117
### Vulnerable Library - microsoft.owin.security.cookies.4.1.0.nupkgMiddleware that enables an application to use cookie based authentication, similar to ASP.NET's form...
Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.1.0.nupkg
Path to dependency file: /tests/VerifyMicrosoftPackage.Facts/VerifyMicrosoftPackage.Facts.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.1.0/microsoft.owin.security.cookies.4.1.0.nupkg
Dependency Hierarchy: - :x: **microsoft.owin.security.cookies.4.1.0.nupkg** (Vulnerable Library)
Found in base branch: main
### Vulnerability Details.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2022-05-10
URL: CVE-2022-29117
### Threat AssessmentExploit Maturity: Unproven
EPSS: 0.2%
### CVSS 4 Score Details (8.7)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: N/A - Impact Metrics: - Confidentiality Impact: N/A - Integrity Impact: N/A - Availability Impact: N/A
For more information on CVSS4 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
Release Date: 2022-05-10
Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2
In order to enable automatic remediation, please create workflow rules
In order to enable automatic remediation for this issue, please create workflow rules