CVE-2021-24112 (High) detected in system.drawing.common.5.0.0.nupkg
Opened this issue · 0 comments
CVE-2021-24112 - High Severity Vulnerability
Vulnerable Library - system.drawing.common.5.0.0.nupkg
Provides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg
Path to dependency file: /test/EdlinSoftware.JsonPatch.Tests/EdlinSoftware.JsonPatch.Tests.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Dependency Hierarchy:
- shouldly.4.0.3.nupkg (Root Library)
- diffengine.6.4.9.nupkg
- microsoft.windows.compatibility.5.0.0.nupkg
- system.data.oledb.5.0.0.nupkg
- system.diagnostics.performancecounter.5.0.0.nupkg
- system.configuration.configurationmanager.5.0.0.nupkg
- system.security.permissions.5.0.0.nupkg
- system.windows.extensions.5.0.0.nupkg
- ❌ system.drawing.common.5.0.0.nupkg (Vulnerable Library)
- system.windows.extensions.5.0.0.nupkg
- system.security.permissions.5.0.0.nupkg
- system.configuration.configurationmanager.5.0.0.nupkg
- system.diagnostics.performancecounter.5.0.0.nupkg
- system.data.oledb.5.0.0.nupkg
- microsoft.windows.compatibility.5.0.0.nupkg
- diffengine.6.4.9.nupkg
Found in HEAD commit: 0dd411f46a9ccf311bcb23c5da9b5c4694d3fae5
Found in base branch: master
Vulnerability Details
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.
Publish Date: 2021-02-25
URL: CVE-2021-24112
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-rxg9-xrhp-64gj
Release Date: 2021-02-25
Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3
Step up your Open Source Security Game with Mend here