search

szb512 / PowerShell

PowerShell for every system!
https://microsoft.com/PowerShell
Other
0 stars 0 forks source link

CVE-2019-1301 (High) detected in multiple libraries #49

Open mend-bolt-for-github[bot] opened 4 years ago

mend-bolt-for-github[bot] commented 4 years ago

CVE-2019-1301 - High Severity Vulnerability

Vulnerable Libraries - microsoft.powershell.commands.diagnostics.6.1.1.nupkg, microsoft.powershell.sdk.6.1.1.nupkg, microsoft.wsman.management.6.1.1.nupkg

microsoft.powershell.commands.diagnostics.6.1.1.nupkg

PowerShell runtime for hosting PowerShell Core

Library home page: https://api.nuget.org/packages/microsoft.powershell.commands.diagnostics.6.1.1.nupkg

Path to dependency file: /tmp/ws-scm/PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Path to vulnerable library: /PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Dependency Hierarchy: - :x: **microsoft.powershell.commands.diagnostics.6.1.1.nupkg** (Vulnerable Library)

microsoft.powershell.sdk.6.1.1.nupkg

PowerShell runtime for hosting PowerShell Core

Library home page: https://api.nuget.org/packages/microsoft.powershell.sdk.6.1.1.nupkg

Path to dependency file: /tmp/ws-scm/PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Path to vulnerable library: /PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Dependency Hierarchy: - :x: **microsoft.powershell.sdk.6.1.1.nupkg** (Vulnerable Library)

microsoft.wsman.management.6.1.1.nupkg

PowerShell runtime for hosting PowerShell Core

Library home page: https://api.nuget.org/packages/microsoft.wsman.management.6.1.1.nupkg

Path to dependency file: /tmp/ws-scm/PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Path to vulnerable library: /PowerShell/docs/host-powershell/sample/MyApp/MyApp.csproj

Dependency Hierarchy: - :x: **microsoft.wsman.management.6.1.1.nupkg** (Vulnerable Library)

Found in HEAD commit: 1a9dbcaf39e8f6d7831289bdcbcf818974d91554

Vulnerability Details

A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'.

Publish Date: 2019-09-11

URL: CVE-2019-1301

CVSS 3 Score Details (7.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/dotnet/announcements/issues/121

Release Date: 2019-09-11

Fix Resolution: System.Management.Automation - 6.1.6,6.2.3

Step up your Open Source Security Game with WhiteSource here

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.57. Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback!

Links: app homepage, dashboard and code for this bot.