CVE-2018-0764 (High) detected in system.security.cryptography.xml.4.4.1.nupkg - autoclosed
Closed this issue · 1 comments
CVE-2018-0764 - High Severity Vulnerability
Vulnerable Library - system.security.cryptography.xml.4.4.1.nupkg
Provides classes to support the creation and validation of XML digital signatures. The classes in th...
Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.4.4.1.nupkg
Path to dependency file: MvcAreasForEPiServer/src/MvcAreasForEPiServer/MvcAreasForEPiServer.csproj
Path to vulnerable library: /dotnet_FTZGBK/20211118100056/System.Security.Cryptography.Xml.4.4.1/System.Security.Cryptography.Xml.4.4.1.nupkg
Dependency Hierarchy:
- ❌ system.security.cryptography.xml.4.4.1.nupkg (Vulnerable Library)
Found in HEAD commit: 93afd136db816f65690c05bd5f312a9a5c3562fe
Vulnerability Details
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765.
Publish Date: 2018-01-10
URL: CVE-2018-0764
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764
Release Date: 2018-01-10
Fix Resolution: 4.4.2
Step up your Open Source Security Game with WhiteSource here
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.