-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MangoAPI.BusinessLogic-1.0.0: 7 vulnerabilities (highest severity is: 8.8) #331
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
Security vulnerability detected by Mend
label
Jan 8, 2023
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 2 vulnerabilities (highest severity is: 9.8)
MangoAPI.BusinessLogic-1.0.0: 1 vulnerabilities (highest severity is: 9.8)
Mar 16, 2023
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 1 vulnerabilities (highest severity is: 9.8)
MangoAPI.BusinessLogic-1.0.0: 2 vulnerabilities (highest severity is: 9.8)
Dec 15, 2023
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 2 vulnerabilities (highest severity is: 9.8)
MangoAPI.BusinessLogic-1.0.0: 4 vulnerabilities (highest severity is: 8.8)
Feb 29, 2024
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 4 vulnerabilities (highest severity is: 8.8)
MangoAPI.BusinessLogic-1.0.0: 5 vulnerabilities (highest severity is: 8.8)
Apr 14, 2024
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 5 vulnerabilities (highest severity is: 8.8)
MangoAPI.BusinessLogic-1.0.0: 6 vulnerabilities (highest severity is: 8.8)
Jun 13, 2024
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 6 vulnerabilities (highest severity is: 8.8)
MangoAPI.BusinessLogic-1.0.0: 7 vulnerabilities (highest severity is: 8.8)
Jul 14, 2024
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 7 vulnerabilities (highest severity is: 8.8)
MangoAPI.BusinessLogic-1.0.0: 8 vulnerabilities (highest severity is: 8.8)
Jul 31, 2024
mend-bolt-for-github
bot
changed the title
MangoAPI.BusinessLogic-1.0.0: 8 vulnerabilities (highest severity is: 8.8)
MangoAPI.BusinessLogic-1.0.0: 7 vulnerabilities (highest severity is: 8.8)
Jul 31, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
0 participants
Vulnerable Library - MangoAPI.BusinessLogic-1.0.0
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-36414
Vulnerable Library - azure.identity.1.3.0.nupkg
This is the implementation of the Azure SDK Client Library for Azure Identity
Library home page: https://api.nuget.org/packages/azure.identity.1.3.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.3.0/azure.identity.1.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
Azure Identity SDK Remote Code Execution Vulnerability
Publish Date: 2023-10-10
URL: CVE-2023-36414
CVSS 3 Score Details (8.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-36414
Release Date: 2023-10-10
Fix Resolution: Azure.Identity - 1.10.2
Step up your Open Source Security Game with Mend here
CVE-2024-0056
Vulnerable Libraries - microsoft.data.sqlclient.2.1.4.nupkg, microsoft.data.sqlclient.4.0.0.nupkg
microsoft.data.sqlclient.2.1.4.nupkg
Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.1.4.nupkg
Path to dependency file: /MangoAPI.BusinessLogic/MangoAPI.BusinessLogic.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.1.4/microsoft.data.sqlclient.2.1.4.nupkg
Dependency Hierarchy:
microsoft.data.sqlclient.4.0.0.nupkg
Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.4.0.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/4.0.0/microsoft.data.sqlclient.4.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Publish Date: 2024-01-09
URL: CVE-2024-0056
CVSS 3 Score Details (8.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-98g6-xh36-x2p7
Release Date: 2024-01-09
Fix Resolution: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6
Step up your Open Source Security Game with Mend here
CVE-2021-24112
Vulnerable Libraries - system.drawing.common.4.7.0.nupkg, system.drawing.common.5.0.0.nupkg
system.drawing.common.4.7.0.nupkg
Provides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.4.7.0.nupkg
Path to dependency file: /MangoAPI.BusinessLogic/MangoAPI.BusinessLogic.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/4.7.0/system.drawing.common.4.7.0.nupkg
Dependency Hierarchy:
system.drawing.common.5.0.0.nupkg
Provides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
.NET Core Remote Code Execution Vulnerability
Publish Date: 2021-02-25
URL: CVE-2021-24112
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rxg9-xrhp-64gj
Release Date: 2021-02-25
Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3
Step up your Open Source Security Game with Mend here
CVE-2024-38095
Vulnerable Library - system.formats.asn1.5.0.0.nupkg
Provides classes that can read and write the ASN.1 BER, CER, and DER data formats.
Commonly Used Ty...
Library home page: https://api.nuget.org/packages/system.formats.asn1.5.0.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.formats.asn1/5.0.0/system.formats.asn1.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
.NET and Visual Studio Denial of Service Vulnerability
Publish Date: 2024-07-09
URL: CVE-2024-38095
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-447r-wph3-92pm
Release Date: 2024-07-09
Fix Resolution: Microsoft.NetCore.App.Runtime - 6.0.32,8.0.7, System.Formats.Asn1 - 6.0.1,8.0.1
Step up your Open Source Security Game with Mend here
CVE-2024-21319
Vulnerable Libraries - system.identitymodel.tokens.jwt.6.10.0.nupkg, microsoft.identitymodel.jsonwebtokens.6.10.0.nupkg
system.identitymodel.tokens.jwt.6.10.0.nupkg
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/system.identitymodel.tokens.jwt.6.10.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/6.10.0/system.identitymodel.tokens.jwt.6.10.0.nupkg
Dependency Hierarchy:
microsoft.identitymodel.jsonwebtokens.6.10.0.nupkg
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/microsoft.identitymodel.jsonwebtokens.6.10.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/6.10.0/microsoft.identitymodel.jsonwebtokens.6.10.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
Microsoft Identity Denial of service vulnerability
Publish Date: 2024-01-09
URL: CVE-2024-21319
CVSS 3 Score Details (6.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g9c-28fc-mcx2
Release Date: 2024-01-09
Fix Resolution: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2
Step up your Open Source Security Game with Mend here
CVE-2024-35255
Vulnerable Library - azure.identity.1.3.0.nupkg
This is the implementation of the Azure SDK Client Library for Azure Identity
Library home page: https://api.nuget.org/packages/azure.identity.1.3.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.3.0/azure.identity.1.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Publish Date: 2024-06-11
URL: CVE-2024-35255
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-m5vv-6r4h-3vj9
Release Date: 2024-06-11
Fix Resolution: @azure/identity - 4.2.1, @azure/msal-node - 2.9.1, Azure.Identity - 1.11.4, Microsoft.Identity.Client - 4.61.3, azure-identity - 1.16.1, com.azure:azure-identity:1.12.2, github.com/Azure/azure-sdk-for-go/sdk/azidentity - 1.6.0
Step up your Open Source Security Game with Mend here
CVE-2024-29992
Vulnerable Library - azure.identity.1.3.0.nupkg
This is the implementation of the Azure SDK Client Library for Azure Identity
Library home page: https://api.nuget.org/packages/azure.identity.1.3.0.nupkg
Path to dependency file: /MangoAPI.IntegrationTests/MangoAPI.IntegrationTests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.3.0/azure.identity.1.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c9bb5bd04415d4d387e12646c7ce749fd8ffae2
Found in base branch: main
Vulnerability Details
Azure Identity Library for .NET Information Disclosure Vulnerability
Publish Date: 2024-04-09
URL: CVE-2024-29992
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-wvxc-855f-jvrv
Release Date: 2024-04-09
Fix Resolution: Azure.Identity - 1.11.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: