UpendoVentures/Upendo-Dnn-Prompt

Microsoft.ApplicationBlocks.Data-2.0.0.0.dll: 1 vulnerability (highest severity is: 8.8) - autoclosed

Vulnerable Library - Microsoft.ApplicationBlocks.Data-2.0.0.0.dll

Library home page: https://api.nuget.org/packages/dnnmodule.1.0.0.nupkg

Path to vulnerable library: /References/DNN/09.03.02/Microsoft.ApplicationBlocks.Data.dll

Found in HEAD commit: 34d11f1fc219eef34bab125547d2716a9a9ac785

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (Microsoft.ApplicationBlocks.Data version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-9822 | High | 8.8 | Microsoft.ApplicationBlocks.Data-2.0.0.0.dll | Direct | 9.1.1 | |

Details

CVE-2017-9822

Dependency Hierarchy:

  • Microsoft.ApplicationBlocks.Data-2.0.0.0.dll (Vulnerable Library)

Found in base branch: main

Vulnerability Details

DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cookie, aka "2017-08 (Critical) Possible remote code execution on DNN sites."

Publish Date: 2017-07-20

URL: CVE-2017-9822

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-9822

Release Date: 2017-07-20

Fix Resolution: 9.1.1

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.