Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible missed log4net vulnerability - when using Visual Studio 2019 #41

Open
mshiels opened this issue Aug 26, 2021 · 0 comments
Open

Comments

@mshiels
Copy link

mshiels commented Aug 26, 2021

Under 2017 it's reported as a vulnerability but under 2019 it appears scanned - yet not report - here is the scan output - showing it did scan it, but somehow the report can't be trusted I think, right??

Auditing 12 packages and their dependencies in solution 'Print2Fax'.
Finding dependencies...
done.
Packages audited:

  • JetBrains.Annotations@11.1.0
  • log4net@2.0.8
  • Microsoft.Exchange.WebServices@2.2.0
  • Microsoft.Office.Interop.Outlook@15.0.4797.1003
  • System.DirectoryServices@4.0.0
  • Castle.Core@4.0.0
  • Moq@4.7.8
  • Prism.Core@6.2.0
  • CommonServiceLocator@1.3.0
  • Prism.Wpf@6.2.0
  • Unity@4.0.1
  • Prism.Unity@6.2.0
  • System.Runtime@4.1.0
  • NETStandard.Library@1.6.1
  • System.AppContext@4.3.0
  • System.Collections.NonGeneric@4.0.1
  • System.Console@4.3.0
  • System.Data.Common@4.1.0
  • System.Diagnostics.Debug@4.3.0
  • System.Diagnostics.Process@4.1.0
  • System.Diagnostics.StackTrace@4.0.1
  • System.Diagnostics.TraceSource@4.0.0
  • System.IO.FileSystem@4.3.0
  • System.IO.FileSystem.Watcher@4.0.0
  • System.Linq@4.3.0
  • System.Net.NameResolution@4.0.0
  • System.Net.Requests@4.0.11
  • System.Net.Sockets@4.3.0
  • System.Reflection@4.3.0
  • System.Reflection.Extensions@4.3.0
  • System.Reflection.TypeExtensions@4.1.0
  • System.Runtime.Extensions@4.3.0
  • System.Runtime.InteropServices@4.3.0
  • System.Runtime.InteropServices.RuntimeInformation@4.3.0
  • System.Runtime.Serialization.Formatters@4.3.0
  • System.Text.Encoding@4.3.0
  • System.Text.RegularExpressions@4.3.0
  • System.Threading@4.3.0
  • System.Threading.Thread@4.0.0
  • System.Threading.Timer@4.3.0
  • System.Xml.ReaderWriter@4.3.0
  • System.Xml.XmlDocument@4.0.1
  • System.Configuration.ConfigurationManager@4.5.0
  • System.AppContext@4.1.0
  • System.Collections.Specialized@4.0.1
  • System.ComponentModel.TypeConverter@4.0.1
  • System.Console@4.0.0
  • System.Diagnostics.Debug@4.0.11
  • System.Diagnostics.Tools@4.0.1
  • System.Dynamic.Runtime@4.0.11
  • System.Globalization@4.0.11
  • System.IO.FileSystem@4.0.1
  • System.Linq@4.1.0
  • System.ObjectModel@4.0.12
  • System.Reflection@4.1.0
  • System.Reflection.Emit@4.0.1
  • System.Reflection.Emit.Lightweight@4.0.1
  • System.Reflection.Extensions@4.0.1
  • System.Resources.ResourceManager@4.0.1
  • System.Runtime.Extensions@4.1.0
  • System.Runtime.InteropServices@4.1.0
  • System.Threading@4.0.11
  • System.Xml.XmlSerializer@4.0.11
  • System.Collections@4.0.11
  • System.Collections.Concurrent@4.0.12
  • System.Linq.Expressions@4.1.0
  • System.Linq.Queryable@4.0.1
  • System.Reflection.Emit.ILGeneration@4.0.1
  • System.Reflection.Primitives@4.0.1
  • System.Text.RegularExpressions@4.1.0
  • System.Threading.Tasks@4.0.11
  • Prism.Windows@6.0.2
  • System.Diagnostics.Debug@4.0.10
  • System.Globalization@4.0.10
  • System.Runtime@4.0.20
  • System.Threading.Tasks@4.0.10
  • Microsoft.NETCore.Platforms@1.0.1
  • Microsoft.NETCore.Targets@1.0.1
  • Microsoft.NETCore.Platforms@1.1.0
  • System.Collections@4.3.0
  • System.Diagnostics.Tools@4.3.0
  • System.Globalization@4.3.0
  • System.IO@4.3.0
  • System.Linq.Expressions@4.3.0
  • System.Net.Primitives@4.3.0
  • System.ObjectModel@4.3.0
  • System.Reflection.Primitives@4.3.0
  • System.Resources.ResourceManager@4.3.0
  • System.Runtime@4.3.0
  • System.Text.Encoding.Extensions@4.3.0
  • System.Threading.Tasks@4.3.0
  • System.Xml.XDocument@4.3.0
  • System.Collections.Concurrent@4.3.0
  • System.Diagnostics.Tracing@4.3.0
  • System.IO.Compression@4.3.0
  • System.Net.Http@4.3.0
  • System.Runtime.Numerics@4.3.0
  • Microsoft.Win32.Primitives@4.3.0
  • System.Globalization.Calendars@4.3.0
  • System.IO.Compression.ZipFile@4.3.0
  • System.IO.FileSystem.Primitives@4.3.0
  • System.Runtime.Handles@4.3.0
  • System.Security.Cryptography.Algorithms@4.3.0
  • System.Security.Cryptography.Encoding@4.3.0
  • System.Security.Cryptography.Primitives@4.3.0
  • System.Security.Cryptography.X509Certificates@4.3.0
  • Microsoft.NETCore.Targets@1.1.0
  • System.IO@4.1.0
  • System.Runtime.Handles@4.0.1
  • System.Text.Encoding@4.0.11
  • Microsoft.Win32.Primitives@4.0.1
  • Microsoft.Win32.Registry@4.0.0
  • runtime.native.System@4.0.0
  • System.IO.FileSystem.Primitives@4.0.1
  • System.Text.Encoding.Extensions@4.0.11
  • System.Threading.ThreadPool@4.0.10
  • System.Collections.Immutable@1.2.0
  • System.Reflection.Metadata@1.3.0
  • System.Threading.Overlapped@4.0.1
  • System.Diagnostics.Tracing@4.1.0
  • System.Net.Primitives@4.0.11
  • System.Security.Principal.Windows@4.0.0
  • System.Net.WebHeaderCollection@4.0.1
  • System.Net.Http@4.1.0
  • System.Diagnostics.Contracts@4.0.1
  • runtime.native.System@4.3.0
  • System.Runtime.Serialization.Primitives@4.3.0
  • System.Threading.Tasks.Extensions@4.3.0
  • System.Xml.ReaderWriter@4.0.11
  • System.Security.Permissions@4.5.0
  • System.Security.Cryptography.ProtectedData@4.5.0
  • System.Globalization.Extensions@4.0.1
  • System.Runtime@4.0.0
  • System.Reflection@4.0.0
  • System.Reflection.Emit.ILGeneration@4.0.0
  • System.IO@4.0.0
  • System.Reflection.Primitives@4.0.0
  • System.Linq.Expressions@4.0.10
  • System.Linq@4.0.0
  • System.Resources.ResourceManager@4.0.0
  • System.Reflection.Extensions@4.0.0
  • System.Reflection@4.0.10
  • System.Collections@4.0.10
  • System.ComponentModel@4.0.0
  • System.ComponentModel.Annotations@4.0.10
  • System.IO@4.0.10
  • System.ObjectModel@4.0.10
  • System.Runtime.InteropServices.WindowsRuntime@4.0.0
  • System.Runtime.Serialization.Xml@4.0.10
  • System.Runtime.WindowsRuntime@4.0.10
  • System.Threading@4.0.10
  • System.Xml.XDocument@4.0.10
  • System.Reflection.Emit.ILGeneration@4.3.0
  • System.Reflection.Emit.Lightweight@4.3.0
  • System.Reflection.TypeExtensions@4.3.0
  • System.Reflection.Emit@4.3.0
  • runtime.native.System.IO.Compression@4.3.0
  • System.Buffers@4.3.0
  • System.Diagnostics.DiagnosticSource@4.3.0
  • System.Runtime.WindowsRuntime@4.3.0
  • runtime.native.System.Net.Http@4.3.0
  • runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • System.Globalization.Extensions@4.3.0
  • System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.native.System.Security.Cryptography.Apple@4.3.0
  • System.Security.Cryptography.Cng@4.3.0
  • System.Security.Cryptography.Csp@4.3.0
  • System.Collections.Immutable@1.1.37
  • System.Security.Claims@4.0.1
  • System.Security.Principal@4.0.1
  • System.Diagnostics.DiagnosticSource@4.0.0
  • System.Security.Cryptography.X509Certificates@4.1.0
  • System.Runtime.WindowsRuntime@4.0.11
  • System.IO.Compression@4.1.0
  • runtime.native.System.Net.Http@4.0.1
  • runtime.native.System.Security.Cryptography@4.0.0
  • System.Security.Cryptography.Algorithms@4.2.0
  • System.Security.Cryptography.Encoding@4.0.0
  • System.Security.Cryptography.OpenSsl@4.0.0
  • System.Security.Cryptography.Primitives@4.0.0
  • System.Threading.Tasks.Extensions@4.0.0
  • System.Security.AccessControl@4.5.0
  • System.Memory@4.5.0
  • System.Text.Encoding@4.0.0
  • System.Threading.Tasks@4.0.0
  • System.Collections@4.0.0
  • System.Diagnostics.Debug@4.0.0
  • System.Reflection.TypeExtensions@4.0.0
  • System.Threading@4.0.0
  • System.Runtime.Extensions@4.0.0
  • System.Globalization@4.0.0
  • System.Reflection.Emit@4.0.0
  • System.ObjectModel@4.0.0
  • System.Runtime.Extensions@4.0.10
  • System.Text.RegularExpressions@4.0.10
  • System.Xml.ReaderWriter@4.0.0
  • System.Runtime.Serialization.Primitives@4.0.10
  • System.Private.DataContractSerialization@4.0.0
  • System.Diagnostics.Contracts@4.3.0
  • runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple@4.3.0
  • System.Globalization.Calendars@4.0.1
  • System.Runtime.Numerics@4.0.1
  • System.Security.Cryptography.Cng@4.2.0
  • System.Security.Cryptography.Csp@4.0.0
  • runtime.native.System.IO.Compression@4.1.0
  • System.Security.Principal.Windows@4.4.0
  • System.Security.Principal.Windows@4.5.0
  • Microsoft.NETCore.Platforms@2.0.0
  • System.Threading.Thread@4.3.0
  • System.Buffers@4.4.0
  • System.Runtime.CompilerServices.Unsafe@4.5.0
  • System.Numerics.Vectors@4.4.0
  • System.Diagnostics.Contracts@4.0.0
  • System.Text.Encoding@4.0.10
  • System.Xml.ReaderWriter@4.0.10
  • System.Text.Encoding.Extensions@4.0.10
  • System.Xml.XmlSerializer@4.0.10
  • System.Security.Claims@4.3.0
  • System.Security.Principal@4.3.0
    No vulnerabilities found.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant