CVE-2019-0657 (Medium) detected in system.private.uri.4.3.0.nupkg
mend-bolt-for-github opened this issue · 0 comments
CVE-2019-0657 - Medium Severity Vulnerability
Vulnerable Library - system.private.uri.4.3.0.nupkg
Internal implementation package not meant for direct consumption. Please do not reference directly....
Library home page: https://api.nuget.org/packages/system.private.uri.4.3.0.nupkg
Path to vulnerable library: /packages/system.private.uri/4.3.0/system.private.uri.4.3.0.nupkg
Dependency Hierarchy:
- ❌ system.private.uri.4.3.0.nupkg (Vulnerable Library)
Found in HEAD commit: 15170da484d366175b3e70ba0b83b8fab75356fa
Vulnerability Details
A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
Publish Date: 2019-03-05
URL: CVE-2019-0657
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://github.com/dotnet/corefx/issues/35265
Release Date: 2018-11-26
Fix Resolution: Microsoft.NETCore.App.nupkg - 2.1.8, 2.2.2; System.Private.Uri.nupkg - 4.3.1