Roslyn analyzers that spot Bugs, Vulnerabilities and Code Smells in your code. For an even better overall experience, you can use SonarLint for Visual Studio, which is a free extension that can be used standalone or with SonarQube and/or SonarCloud.
Roslyn analyzers that spot Bugs, Vulnerabilities and Code Smells in your code. For an even better overall experience, you can use SonarLint for Visual Studio, which is a free extension that can be used standalone or with SonarQube and/or SonarCloud.
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
Roslyn analyzers that spot Bugs, Vulnerabilities and Code Smells in your code. For an even better overall experience, you can use SonarLint for Visual Studio, which is a free extension that can be used standalone or with SonarQube and/or SonarCloud.
Library home page: https://api.nuget.org/packages/sonaranalyzer.csharp.8.54.0.64047.nupkg
Path to dependency file: /Flake/Flake.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sonaranalyzer.csharp/8.54.0.64047/sonaranalyzer.csharp.8.54.0.64047.nupkg
Found in HEAD commit: 2ba858e2d37f2eb2ce822229ce8d3e487ec35d58
Vulnerabilities
Details
CVE-2021-22570
### Vulnerable Library - sonaranalyzer.csharp.8.54.0.64047.nupkgRoslyn analyzers that spot Bugs, Vulnerabilities and Code Smells in your code. For an even better overall experience, you can use SonarLint for Visual Studio, which is a free extension that can be used standalone or with SonarQube and/or SonarCloud.
Library home page: https://api.nuget.org/packages/sonaranalyzer.csharp.8.54.0.64047.nupkg
Path to dependency file: /Flake/Flake.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sonaranalyzer.csharp/8.54.0.64047/sonaranalyzer.csharp.8.54.0.64047.nupkg
Dependency Hierarchy: - :x: **sonaranalyzer.csharp.8.54.0.64047.nupkg** (Vulnerable Library)
Found in HEAD commit: 2ba858e2d37f2eb2ce822229ce8d3e487ec35d58
Found in base branch: main
### Vulnerability DetailsNullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
Publish Date: 2022-01-26
URL: CVE-2021-22570
### CVSS 3 Score Details (5.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://github.com/advisories/GHSA-77rm-9x9h-xj3g
Release Date: 2022-01-26
Fix Resolution: Google.Protobuf - 3.15.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)