Moq is using Castle.Core which has an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure" #1219
Labels
Comments
sydseter
changed the title
|
We cannot really do anything about that until Castle.Core updates their dependencies. Once there is an updated Castle.Core release, Moq will follow suit very soon thereafter. |
|
@stakx suggest closing this then, unless you intend to keep it as a reminder to bump the Castle.Core version. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The following vulnerable libraries were found: [email protected] and [email protected]
All issues for [email protected] have been fixed in 4.3.4.
All issues for [email protected] have been fixed in 4.3.1
These are the vulnerabilities associated vulnerable paths:
✗ Denial of Service (DoS) [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045 in [email protected]
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Improper Certificate Validation [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60046 in [email protected]
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Privilege Escalation [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60047 in [email protected]
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Authentication Bypass [Medium Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60048 in [email protected]
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Information Exposure [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-72439 in [email protected]
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708 in [email protected]
.0
introduced by:
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected] > [email protected]
[email protected] > [email protected] > [email protected] > [email protected] > [email protected]
This issue was fixed in versions: 4.3.1
The text was updated successfully, but these errors were encountered: