System.Web.Mvc-5.1.20821.0.dll: 1 vulnerabilities (highest severity is: 3.7)
Opened this issue · 0 comments
Vulnerable Library - System.Web.Mvc-5.1.20821.0.dll
System.Web.Mvc.dll
Library home page: https://api.nuget.org/packages/microsoft.aspnet.mvc.5.1.3.nupkg
Path to vulnerable library: /References/DNN/09.08.00/System.Web.Mvc.dll
Found in HEAD commit: 2db70b6cdbcc474cf1a7e2a73f7d20f87c3af815
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (System.Web.Mvc version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2014-4075 |  Low |
3.7 | System.Web.Mvc-5.1.20821.0.dll | Direct | Microsoft.AspNet.Mvc - 3.0.50813.1 ,4.0.40804.0 ,5.0.2, 5.1.3 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2014-4075
Vulnerable Library - System.Web.Mvc-5.1.20821.0.dll
System.Web.Mvc.dll
Library home page: https://api.nuget.org/packages/microsoft.aspnet.mvc.5.1.3.nupkg
Path to vulnerable library: /References/DNN/09.08.00/System.Web.Mvc.dll
Dependency Hierarchy:
- ❌ System.Web.Mvc-5.1.20821.0.dll (Vulnerable Library)
Found in HEAD commit: 2db70b6cdbcc474cf1a7e2a73f7d20f87c3af815
Found in base branch: dev
Vulnerability Details
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
Publish Date: 2014-10-15
URL: CVE-2014-4075
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2014-10-15
Fix Resolution: Microsoft.AspNet.Mvc - 3.0.50813.1 ,4.0.40804.0 ,5.0.2, 5.1.3
Step up your Open Source Security Game with Mend here