CVE-2021-34532 (Medium) detected in microsoft.aspnetcore.authentication.jwtbearer.3.1.15.nupkg - autoclosed #19
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
mend-bolt-for-github
bot
changed the title
|
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-34532 - Medium Severity Vulnerability
ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.
This...
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.authentication.jwtbearer.3.1.15.nupkg
Path to dependency file: EDD-PointerApi/PointerApi/PointerApi.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.authentication.jwtbearer/3.1.15/microsoft.aspnetcore.authentication.jwtbearer.3.1.15.nupkg,canner/.nuget/packages/microsoft.aspnetcore.authentication.jwtbearer/3.1.15/microsoft.aspnetcore.authentication.jwtbearer.3.1.15.nupkg
Dependency Hierarchy:
Found in base branch: main
ASP.NET Cor is vulnerable to adds JWT tokens into the logfile if those can't be parsed correctly.
Publish Date: 2021-08-12
URL: CVE-2021-34532
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-q7cg-43mg-qp69
Release Date: 2021-08-12
Fix Resolution: Microsoft.AspNetCore.Authentication.JwtBearer - 2.1.30, 3.1.18, 5.0.9
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: