mmanela / chutzpah

Chutzpah is an open source JavaScript test runner which enables you to run unit tests using QUnit, Jasmine, Mocha and TypeScript.
http://mmanela.github.io/chutzpah/
Apache License 2.0

Security Vulnerabilities in Chutzpah 4.4.11 #803

Open serhiypukhanov opened 3 years ago

serhiypukhanov commented 3 years ago

1. Description: ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
   Recommendation: Upgrade to version Microsoft.AspNetCore.Server.IISIntegration - 2.1.0, Microsoft.AspNetCore.Hosting - 2.1.0

2. Description: .NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24112.
   Recommendation: Upgrade to version System.Text.Encodings.Web - 4.5.1, 4.7.2, 5.0.1

3. Description: A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings, which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka "Microsoft ASP.NET Core Security Feature Bypass Vulnerability".
   Recommendation: Upgrade to version Microsoft.AspNetCore.App - 2.1.22, Microsoft.AspNetCore.All - 2.1.22, Microsoft.NETCore.App - 2.1.22, Microsoft.AspNetCore.Http - 2.1.22

4. Chutzpah.4.4.11/tools/Node/packages/node_modules/ws/package.json
   Recommendation: Upgrade ws from 5.2.2 to 5.2.3 to fix the vulnerability.
   Chutzpah.4.4.11/tools/Node/packages/node_modules/puppeteer-core/node_modules/ws/package.json
   Recommendation: Upgrade ws from 6.2.1 to 6.2.2 to fix the vulnerability.

5. Chutzpah.4.4.11/tools/Node/packages/node_modules/ajv/package.json
   Recommendation: Upgrade to version ajv - 6.12.3
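
Item 3 above describes a parser that percent-decodes cookie names, so an encoded name can collide with a legitimate one. The following is an added illustration (not Chutzpah's or ASP.NET Core's code) of that flaw class in a small JavaScript cookie-header parser: the name-decoding variant beside a hardened variant that keeps names literal, plus a detection helper that flags headers where an encoded name would collide with another cookie after decoding. The sample header is constructed.

```javascript
// Added example: models the cookie-name decoding flaw class from item 3.
// Not code from Chutzpah or ASP.NET Core; input below is constructed.

// Split a Cookie header on its structural delimiters without decoding.
function splitPairs(header) {
  return header.split(';').map(p => p.trim()).filter(Boolean).map(p => {
    const i = p.indexOf('=');
    return i < 0 ? [p, ''] : [p.slice(0, i).trim(), p.slice(i + 1).trim()];
  });
}

// Vulnerable pattern: names are percent-decoded, so "%73ession" becomes
// "session" and (last write wins here) overrides the legitimate cookie.
function parseCookiesDecodingNames(header) {
  const cookies = {};
  for (const [name, value] of splitPairs(header)) {
    cookies[decodeURIComponent(name)] = decodeURIComponent(value);
  }
  return cookies;
}

// Hardened pattern: names are kept exactly as received; only values decode.
// An encoded name stays a distinct key and cannot shadow a real one.
function parseCookiesLiteralNames(header) {
  const cookies = {};
  for (const [name, value] of splitPairs(header)) {
    cookies[name] = decodeURIComponent(value);
  }
  return cookies;
}

// Detection helper: report encoded names that would collide with another
// cookie's name after decoding, so such requests can be logged or rejected.
function findEncodedNameCollisions(header) {
  const seen = new Set(splitPairs(header).map(([name]) => name));
  const collisions = [];
  for (const name of seen) {
    if (!name.includes('%')) continue;
    let decoded;
    try { decoded = decodeURIComponent(name); } catch { continue; }
    if (decoded !== name && seen.has(decoded)) {
      collisions.push({ encoded: name, collidesWith: decoded });
    }
  }
  return collisions;
}

// Constructed sample: a legitimate "session" cookie followed by a second
// cookie whose name is "session" with one character percent-encoded.
const SAMPLE_COOKIE_HEADER = 'session=good; %73ession=evil';
```

Running the two parsers over SAMPLE_COOKIE_HEADER shows the difference: the decoding parser returns session=evil, the literal-name parser keeps session=good and exposes the encoded entry under its raw name.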

F-Forget commented 3 years ago

I'm also seeing those vulnerabilities and I think it'd be very important to fix them!

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.