search

snowdensb / SharpZipLib

#ziplib is a Zip, GZip, Tar and BZip2 library written entirely in C# for the .NET platform.
http://icsharpcode.github.io/SharpZipLib/
MIT License
0 stars 0 forks source link

CVE-2019-0545 (High) detected in microsoft.netcore.app.2.1.0.nupkg - autoclosed #3

Closed mend-for-github-com[bot] closed 8 months ago

mend-for-github-com[bot] commented 2 years ago

CVE-2019-0545 - High Severity Vulnerability

Vulnerable Library - microsoft.netcore.app.2.1.0.nupkg

A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a687fb5cbaf60825500800f7 When using NuGet 3.x this package requires at least version 3.4.

Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg

Path to dependency file: /benchmark/ICSharpCode.SharpZipLib.Benchmark/ICSharpCode.SharpZipLib.Benchmark.csproj

Path to vulnerable library: /t/packages/microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg

Dependency Hierarchy: - :x: **microsoft.netcore.app.2.1.0.nupkg** (Vulnerable Library)

Found in HEAD commit: 2ac5abc61cbf469cde9f83f55cef736d3b743411

Found in base branch: master

Vulnerability Details

An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.

Publish Date: 2019-01-08

URL: CVE-2019-0545

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2019-01-14

Fix Resolution: Microsoft.NETCore.App - 2.1.7,2.2.1

:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.

mend-for-github-com[bot] commented 8 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.