Add net8 build of OpenRiaServices.Hosting.AspNetCore #479
Security Report
5 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2024-0056<br>Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Framework/OpenRiaServices.Server.EntityFrameworkCore.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.1.4/microsoft.data.sqlclient.2.1.4.nupkg<br>Dependency Hierarchy: -> EFCoreModels-1.0.0 (Root Library) -> microsoft.entityframeworkcore.sqlserver.6.0.26.nupkg -> ❌ microsoft.data.sqlclient.2.1.4.nupkg (Vulnerable Library) | High | 8.7 | microsoft.data.sqlclient.2.1.4.nupkg | Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 | None |
CVE-2024-21319<br>Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Framework/OpenRiaServices.Server.EntityFrameworkCore.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/6.8.0/system.identitymodel.tokens.jwt.6.8.0.nupkg<br>Dependency Hierarchy: -> EFCoreModels-1.0.0 (Root Library) -> microsoft.entityframeworkcore.sqlserver.6.0.26.nupkg -> microsoft.data.sqlclient.2.1.4.nupkg -> microsoft.identitymodel.protocols.openidconnect.6.8.0.nupkg -> ❌ system.identitymodel.tokens.jwt.6.8.0.nupkg (Vulnerable Library) | Medium | 6.8 | system.identitymodel.tokens.jwt.6.8.0.nupkg | Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 | None |
CVE-2024-21319<br>Path to dependency file: /src/VisualStudio/Tools/Test/OpenRiaServices.VisualStudio.DomainServices.Tools.Test.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/5.5.0/system.identitymodel.tokens.jwt.5.5.0.nupkg<br>Dependency Hierarchy: -> EFCoreModels-1.0.0 (Root Library) -> microsoft.entityframeworkcore.sqlserver.3.1.32.nupkg -> microsoft.data.sqlclient.1.1.3.nupkg -> microsoft.identitymodel.protocols.openidconnect.5.5.0.nupkg -> ❌ system.identitymodel.tokens.jwt.5.5.0.nupkg (Vulnerable Library) | Medium | 6.8 | system.identitymodel.tokens.jwt.5.5.0.nupkg | Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 | None |
CVE-2024-21319<br>Path to dependency file: /src/OpenRiaServices.Server.EntityFrameworkCore/Framework/OpenRiaServices.Server.EntityFrameworkCore.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/6.8.0/microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg<br>Dependency Hierarchy: -> EFCoreModels-1.0.0 (Root Library) -> microsoft.entityframeworkcore.sqlserver.6.0.26.nupkg -> microsoft.data.sqlclient.2.1.4.nupkg -> microsoft.identitymodel.protocols.openidconnect.6.8.0.nupkg -> system.identitymodel.tokens.jwt.6.8.0.nupkg -> ❌ microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg (Vulnerable Library) | Medium | 6.8 | microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg | Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 | None |
CVE-2024-21319<br>Path to dependency file: /src/VisualStudio/Tools/Test/OpenRiaServices.VisualStudio.DomainServices.Tools.Test.csproj<br>Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/5.5.0/microsoft.identitymodel.jsonwebtokens.5.5.0.nupkg<br>Dependency Hierarchy: -> EFCoreModels-1.0.0 (Root Library) -> microsoft.entityframeworkcore.sqlserver.3.1.32.nupkg -> microsoft.data.sqlclient.1.1.3.nupkg -> microsoft.identitymodel.protocols.openidconnect.5.5.0.nupkg -> system.identitymodel.tokens.jwt.5.5.0.nupkg -> ❌ microsoft.identitymodel.jsonwebtokens.5.5.0.nupkg (Vulnerable Library) | Medium | 6.8 | microsoft.identitymodel.jsonwebtokens.5.5.0.nupkg | Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 | None |
Base branch total remaining vulnerabilities: 6
Base branch commit: 415f3ec30ce94408469ccfbefb52e6233abba74c
Total libraries scanned: 292
Scan token: f0f0574e426b467d980628317364beaa