Moq is using Castle.Core which has an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure"
#1219
Closed
sydseter opened this issue
Nov 29, 2021
· 2 comments
· Fixed by #1257
The following vulnerable libraries were found: System.Net.Http@4.3.0 and System.Text.RegularExpressions@4.3.0
All issues for System.Net.Http@4.3.0 have been fixed in 4.3.4.
All issues for System.Text.RegularExpressions@4.3.0 have been fixed in 4.3.1.
These are the vulnerabilities and their associated vulnerable paths:
✗ Denial of Service (DoS) [High Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Improper Certificate Validation [High Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60046 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Privilege Escalation [High Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60047 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Authentication Bypass [Medium Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60048 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 4.1.2, 4.3.2
✗ Information Exposure [High Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-72439 in System.Net.Http@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0
This issue was fixed in versions: 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity] https://snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708 in System.Text.RegularExpressions@4.3.0
introduced by:
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Text.RegularExpressions@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Text.RegularExpressions@4.3.0
Moq@4.16.1 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Xml.ReaderWriter@4.3.0 > System.Text.RegularExpressions@4.3.0
xunit@2.4.1 > xunit.assert@2.4.1 > NETStandard.Library@1.6.1 > System.Xml.ReaderWriter@4.3.0 > System.Text.RegularExpressions@4.3.0
This issue was fixed in versions: 4.3.1
sydseter
changed the title
Moq is using an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure"
Moq is using Castle.Core which has an old version of System.Net.Http which is vulnerable to "DoS", "Spoofing", "Privilege Escalation", "Authentication Bypass" and "Information Exposure"
Nov 29, 2021
We cannot really do anything about that until Castle.Core updates their dependencies. Once there is an updated Castle.Core release, Moq will follow suit very soon thereafter.
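Until the upstream chain is updated, a consuming project can lift the two flagged packages itself. The following is an added example, not part of the issue thread or of Moq's or Castle.Core's own project files: a test project's `.csproj`, assuming an SDK-style project using `PackageReference` (the target framework shown is an assumption). A direct reference takes precedence over the 4.3.0 versions that arrive transitively through NETStandard.Library 1.6.1.

```xml
<!-- Added example: consuming test project, not Moq's own project file -->
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <!-- Assumption: substitute the project's real target framework -->
    <TargetFramework>net6.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <!-- Top-level packages named in the reported dependency paths -->
    <PackageReference Include="Moq" Version="4.16.1" />
    <PackageReference Include="xunit" Version="2.4.1" />

    <!-- Direct references to the fixed versions stated in the report.
         NuGet resolves a direct reference ahead of the transitive 4.3.0
         pulled in via Castle.Core / xunit.assert > NETStandard.Library 1.6.1. -->
    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
  </ItemGroup>

</Project>
```

After restoring, `dotnet list package --include-transitive` shows the resolved versions, and `dotnet list package --vulnerable --include-transitive` reports any remaining packages with known advisories.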