Moq is using Castle.Core which has an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure" #1219

Closed
sydseter opened this issue Nov 29, 2021 · 2 comments · Fixed by #1257

Comments

@sydseter

The following vulnerable libraries were found: System.Net.Http@4.3.0 and System.Text.RegularExpressions@4.3.0

All issues for System.Net.Http@4.3.0 have been fixed in 4.3.4.
All issues for System.Text.RegularExpressions@4.3.0 have been fixed in 4.3.1

These are the vulnerabilities and their associated vulnerable paths:

✗ Denial of Service (DoS) [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Improper Certificate Validation [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60046 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Privilege Escalation [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60047 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Authentication Bypass [Medium Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60048 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Information Exposure [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-72439 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity]https://snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708 in System.Text.RegularExpressions@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Text.RegularExpressions@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Text.RegularExpressions@4.3.0
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Xml.ReaderWriter@4.3.0 > System.Text.RegularExpressions@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Xml.ReaderWriter@4.3.0 > System.Text.RegularExpressions@4.3.0
This issue was fixed in versions: 4.3.1

@sydseter changed the title from: Moq is using an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure"
to: Moq is using Castle.Core which has an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure" (Nov 29, 2021)
@stakx
Contributor

stakx commented Nov 29, 2021

We cannot really do anything about that until Castle.Core updates their dependencies. Once there is an updated Castle.Core release, Moq will follow suit very soon thereafter.

@IanKemp

IanKemp commented Mar 23, 2022

@stakx suggest closing this then, unless you intend to keep it as a reminder to bump the Castle.Core version.
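
A project that consumes Moq and xunit can override the transitive 4.3.0 packages without waiting for an upstream release by referencing the fixed versions named in the report directly. The project file below is an added example, not part of the issue thread or of the Moq project; the target framework and project layout are assumptions.

```xml
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <!-- Assumed target framework for the consuming test project. -->
    <TargetFramework>net6.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <!-- Top-level packages from the report. Both reach
         NETStandard.Library 1.6.1, which brings in the 4.3.0 packages. -->
    <PackageReference Include="Moq" Version="4.16.1" />
    <PackageReference Include="xunit" Version="2.4.1" />
  </ItemGroup>

  <ItemGroup>
    <!-- A direct reference takes precedence over a lower transitive
         version of the same package during NuGet restore.
         Versions are the fixed ones stated in the report. -->
    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
  </ItemGroup>

</Project>
```

After `dotnet restore`, `dotnet list package --include-transitive` shows which versions were actually resolved, and `dotnet list package --vulnerable --include-transitive` reports any packages that still match a known advisory.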
