shaneclarke-whitesource / dotnet

This project forked from microsoft/dotnet

This repo is the official home of .NET on GitHub. It's a great starting point to find many .NET OSS projects from Microsoft and the community, including many that are part of the .NET Foundation.

Home Page: https://devblogs.microsoft.com/dotnet/

License: MIT License

C# 3.26% PowerShell 1.04% HTML 95.70%

dotnet's Introduction

.NET Home

This repository is a starting point to learn about and engage in .NET and .NET open source projects.

This repository is not an official .NET or .NET Framework support location; however, we will respond to issues filed here as best we can. Please file .NET product issues at the main project repos below.

In this repository

Please contribute to this repository via pull requests

Finding .NET Open Source Projects

Here are some excellent community-maintained lists of projects & libraries:

There are many projects that you can use and contribute to, some of which are listed below. Please do contribute to these projects!

.NET

.NET Docs

.NET Framework

Xamarin

Community

Here is a short list of projects to check out:

There are additional templates available for dotnet new. For more information, see Available templates for dotnet new.

.NET Foundation

Many .NET open source projects are part of the .NET Foundation. Microsoft has contributed many projects, including ASP.NET Core and .NET Core. You may want to consider joining the .NET Foundation.

Check out the .NET Foundation Forums to see what others are talking about, or start a new discussion to ask a question or make a point.

License

This repository is licensed with the MIT license.

dotnet's People

Contributors

richlander, hollyam, vivmishra, conniey, joshfree, terrajobst, merriemcgaw, preetikr, bruceforstall, alexghiondea, nikolamilosavljevic, kalaskarsanket, taraoverfield, danmoseley, saurabh500, bleroy, svick, mairaw, jbe2277, miguep, lxiamail, chlowell, honggit, punker76, rladuca, noahfalk, jimcarley, nakarnam, tommcdon, scottisafool

dotnet's Issues

system.componentmodel.annotations.4.3.0.nupkg: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - system.componentmodel.annotations.4.3.0.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (system.componentmodel.annotations.4.3.0.nupkg version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2019-0820 | High | 7.5 | system.text.regularexpressions.4.3.0.nupkg | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-0820

Vulnerable Library - system.text.regularexpressions.4.3.0.nupkg

Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...

Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Dependency Hierarchy:

  • system.componentmodel.annotations.4.3.0.nupkg (Root Library)
    • system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.

Publish Date: 2019-05-16

URL: CVE-2019-0820

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cmhx-cq75-c4mj

Release Date: 2019-05-16

Fix Resolution: System.Text.RegularExpressions - 4.3.1

microsoft.netcore.runtime.coreclr.1.1.2.nupkg: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - microsoft.netcore.runtime.coreclr.1.1.2.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.netcore.jit/1.1.2/microsoft.netcore.jit.1.1.2.nupkg

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (microsoft.netcore.runtime.coreclr.1.1.2.nupkg version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-0875 | High | 7.5 | microsoft.netcore.jit.1.1.2.nupkg | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-0875

Vulnerable Library - microsoft.netcore.jit.1.1.2.nupkg

The .NET JIT compiler. When using NuGet 3.x this package requires at least version 3.4.

Library home page: https://api.nuget.org/packages/microsoft.netcore.jit.1.1.2.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.netcore.jit/1.1.2/microsoft.netcore.jit.1.1.2.nupkg

Dependency Hierarchy:

  • microsoft.netcore.runtime.coreclr.1.1.2.nupkg (Root Library)
    • microsoft.netcore.jit.1.1.2.nupkg (Vulnerable Library)

Found in base branch: main

Vulnerability Details

.NET Core 1.0, .NET Core 1.1, .NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".

Publish Date: 2018-03-14

URL: CVE-2018-0875

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-xcvr-qv8h-m7xw

Release Date: 2018-03-14

Fix Resolution: Microsoft.NETCore.Jit - 1.0.12,1.1.7,2.0.6

system.net.requests.4.3.0.nupkg: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - system.net.requests.4.3.0.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.2/system.net.http.4.3.2.nupkg

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (system.net.requests.4.3.0.nupkg version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2018-8292 | Medium | 5.3 | system.net.http.4.3.2.nupkg | Transitive | N/A* | |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-8292

Vulnerable Library - system.net.http.4.3.2.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that...

Library home page: https://api.nuget.org/packages/system.net.http.4.3.2.nupkg

Path to dependency file: /src/bc-readme-gen/bcreadgen.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.2/system.net.http.4.3.2.nupkg

Dependency Hierarchy:

  • system.net.requests.4.3.0.nupkg (Root Library)
    • system.net.http.4.3.2.nupkg (Vulnerable Library)

Found in base branch: main

Vulnerability Details

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Publish Date: 2018-10-10

URL: CVE-2018-8292

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2018-10-10

Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1
