CVE-2021-34532 (Medium) detected in microsoft.aspnetcore.authentication.jwtbearer.2.0.4.nupkg #43
Labels
security vulnerability
Security vulnerability detected by Mend
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
CVE-2021-34532 - Medium Severity Vulnerability
ASP.NET Core middleware that enables an application to receive an OpenID Connect bearer token.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.authentication.jwtbearer.2.0.4.nupkg
Path to dependency file: /src/TestWebSite/TestWebSite.csproj
Path to vulnerable library: /net_WCHIOT/20220708123352/microsoft.aspnetcore.authentication.jwtbearer/2.0.4/microsoft.aspnetcore.authentication.jwtbearer.2.0.4.nupkg
Dependency Hierarchy:
Found in HEAD commit: 1acdde0e5e2173fc9be87dbb3080ebd3037e487b
Found in base branch: master
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
Publish Date: 2021-08-12
URL: CVE-2021-34532
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-q7cg-43mg-qp69
Release Date: 2021-08-12
Fix Resolution: Microsoft.AspNetCore.Authentication.JwtBearer - 2.1.30, 3.1.18, 5.0.9
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: