DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll: 1 vulnerabilities (highest severity is: 5.4)
Opened this issue · 0 comments
Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll
DotNetNuke.Modules.DigitalAssets
Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg
Path to vulnerable library: /References/DNN/09.08.00/DotNetNuke.Modules.DigitalAssets.dll
Found in HEAD commit: 2db70b6cdbcc474cf1a7e2a73f7d20f87c3af815
Vulnerabilities
CVE | Severity | Dependency | Type | Fixed in (DotNetNuke.Modules.DigitalAssets version) | Remediation Possible** | |
---|---|---|---|---|---|---|
CVE-2022-47053 | 5.4 | DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll | Direct | DotNetNuke.Bundle - 9.11.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-47053
Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll
DotNetNuke.Modules.DigitalAssets
Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.8.0.nupkg
Path to vulnerable library: /References/DNN/09.08.00/DotNetNuke.Modules.DigitalAssets.dll
Dependency Hierarchy:
- ❌ DotNetNuke.Modules.DigitalAssets-9.8.0.0.dll (Vulnerable Library)
Found in HEAD commit: 2db70b6cdbcc474cf1a7e2a73f7d20f87c3af815
Found in base branch: dev
Vulnerability Details
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.
Publish Date: 2023-04-12
URL: CVE-2022-47053
CVSS 3 Score Details (5.4)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2023-04-12
Fix Resolution: DotNetNuke.Bundle - 9.11.0
Step up your Open Source Security Game with Mend here