microsoft.owin.security.cookies.4.0.1.nupkg: 1 vulnerabilities (highest severity is: 8.7)

[mend-for-github-com]

Vulnerable Library - microsoft.owin.security.cookies.4.0.1.nupkg

Middleware that enables an application to use cookie based authentication, similar to ASP.NET's form...

Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.0.1.nupkg

Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.0.1/microsoft.owin.security.cookies.4.0.1.nupkg,/home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.0.1/microsoft.owin.security.cookies.4.0.1.nupkg

Vulnerabilities

CVE	Severity	CVSS	Exploit Maturity	EPSS	Dependency	Type	Fixed in (microsoft.owin.security.cookies.4.0.1.nupkg version)	Remediation Possible**	Reachability
CVE-2022-29117	High	8.7	Not Defined	0.2%	microsoft.owin.security.cookies.4.0.1.nupkg	Direct	Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-29117

Vulnerable Library - microsoft.owin.security.cookies.4.0.1.nupkg

Middleware that enables an application to use cookie based authentication, similar to ASP.NET's form...

Library home page: https://api.nuget.org/packages/microsoft.owin.security.cookies.4.0.1.nupkg

Path to dependency file: /build/NuSpecs/UmbracoCms.Web.nuspec

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.0.1/microsoft.owin.security.cookies.4.0.1.nupkg,/home/wss-scanner/.nuget/packages/microsoft.owin.security.cookies/4.0.1/microsoft.owin.security.cookies.4.0.1.nupkg

Dependency Hierarchy:

• ❌ microsoft.owin.security.cookies.4.0.1.nupkg (Vulnerable Library)

Found in base branch: v8/contrib

Vulnerability Details

.NET and Visual Studio Denial of Service Vulnerability

Publish Date: 2022-05-10

URL: CVE-2022-29117

Threat Assessment

Exploit Maturity: Not Defined

EPSS: 0.2%

CVSS 4 Score Details (8.7)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

For more information on CVSS4 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-3rq8-h3gj-r5c6

Release Date: 2022-05-10

Fix Resolution: Microsoft.AspNetCore.App.Runtime - 3.1.25,5.0.17,6.0.5;Microsoft.Owin - 4.2.2;Microsoft.Owin.Security.Cookies - 4.2.2

In order to enable automatic remediation, please create workflow rules

---

In order to enable automatic remediation for this issue, please create workflow rules