compreface-net-sdk icon indicating copy to clipboard operation
compreface-net-sdk copied to clipboard

Published 20 hours ago verified publisher icon exadel-inc

avalonia.desktop.0.10.19.nupkg: 1 vulnerabilities (highest severity is: 9.8)

Open mend-bolt-for-github[bot] opened this issue 2 years ago • 0 comments

Vulnerable Library - avalonia.desktop.0.10.19.nupkg

Path to dependency file: /RecognitionExampleApp/RecognitionExampleApp.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/4.5.0/system.drawing.common.4.5.0.nupkg

Found in HEAD commit: 20fbd6616faee0f2cf91a2b072b864f7e78d2b80

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (avalonia.desktop.0.10.19.nupkg version) Remediation Available
CVE-2021-24112 High 9.8 system.drawing.common.4.5.0.nupkg Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2021-24112

Vulnerable Library - system.drawing.common.4.5.0.nupkg

Provides access to GDI+ graphics functionality.

Commonly Used Types: System.Drawing.Bitmap System.D...

Library home page: https://api.nuget.org/packages/system.drawing.common.4.5.0.nupkg

Path to dependency file: /RecognitionExampleApp/RecognitionExampleApp.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/4.5.0/system.drawing.common.4.5.0.nupkg

Dependency Hierarchy:

  • avalonia.desktop.0.10.19.nupkg (Root Library)
    • avalonia.win32.0.10.19.nupkg
      • :x: system.drawing.common.4.5.0.nupkg (Vulnerable Library)

Found in HEAD commit: 20fbd6616faee0f2cf91a2b072b864f7e78d2b80

Found in base branch: main

Vulnerability Details

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.

Publish Date: 2021-02-25

URL: CVE-2021-24112

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-rxg9-xrhp-64gj

Release Date: 2021-02-25

Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar May 12 '23 09:05 mend-bolt-for-github[bot]