System.Web.Mvc-5.1.20821.0.dll: 1 vulnerabilities (highest severity is: 3.7)
mend-bolt-for-github opened this issue · 0 comments
Vulnerable Library - System.Web.Mvc-5.1.20821.0.dll
System.Web.Mvc.dll
Library home page: https://api.nuget.org/packages/microsoft.aspnet.mvc.5.1.3.nupkg
Path to vulnerable library: /References/DNN/09.03.02/System.Web.Mvc.dll
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Vulnerabilities
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (System.Web.Mvc version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2014-4075 |  Low |
3.7 | System.Web.Mvc-5.1.20821.0.dll | Direct | Microsoft.AspNet.Mvc - 3.0.50813.1 ,4.0.40804.0 ,5.0.2, 5.1.3 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2014-4075
Vulnerable Library - System.Web.Mvc-5.1.20821.0.dll
System.Web.Mvc.dll
Library home page: https://api.nuget.org/packages/microsoft.aspnet.mvc.5.1.3.nupkg
Path to vulnerable library: /References/DNN/09.03.02/System.Web.Mvc.dll
Dependency Hierarchy:
- ❌ System.Web.Mvc-5.1.20821.0.dll (Vulnerable Library)
Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785
Found in base branch: main
Vulnerability Details
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
Publish Date: 2014-10-15
URL: CVE-2014-4075
CVSS 3 Score Details (3.7)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Release Date: 2014-10-15
Fix Resolution: Microsoft.AspNet.Mvc - 3.0.50813.1 ,4.0.40804.0 ,5.0.2, 5.1.3
Step up your Open Source Security Game with Mend here