Export_Word_Excel_PDF_CSV_HTML icon indicating copy to clipboard operation
Export_Word_Excel_PDF_CSV_HTML copied to clipboard
verified publisher icon ignatandrei

CVE-2018-8269 (High) detected in microsoft.data.odata.5.2.0.nupkg

Open mend-bolt-for-github[bot] opened this issue 6 years ago • 0 comments

CVE-2018-8269 - High Severity Vulnerability

Vulnerable Library - microsoft.data.odata.5.2.0.nupkg

Classes to serialize, deserialize and validate OData payloads. Enables construction of OData produce...

Library home page: https://api.nuget.org/packages/microsoft.data.odata.5.2.0.nupkg

Path to vulnerable library: /Export_Word_Excel_PDF_CSV_HTML/ExportDemo1/packages/Microsoft.Data.OData.5.2.0/Microsoft.Data.OData.5.2.0.nupkg

Dependency Hierarchy:

  • :x: microsoft.data.odata.5.2.0.nupkg (Vulnerable Library)

Found in HEAD commit: ac1c6324d66f6592541630cad9e7ea4d6b5cb2a4

Vulnerability Details

A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.

Publish Date: 2018-09-13

URL: CVE-2018-8269

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://alephsecurity.com/vulns/aleph-2018001

Release Date: 2018-09-13

Fix Resolution: 5.8.4

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Nov 01 '19 18:11 mend-bolt-for-github[bot]