Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible missed log4net vulnerability - when using Visual Studio 2019 #41

Open
mshiels opened this issue Aug 26, 2021 · 0 comments
Open

Possible missed log4net vulnerability - when using Visual Studio 2019 #41

mshiels opened this issue Aug 26, 2021 · 0 comments

Comments

@mshiels
Copy link

mshiels commented Aug 26, 2021

Under 2017 it's reported as a vulnerability but under 2019 it appears scanned - yet not report - here is the scan output - showing it did scan it, but somehow the report can't be trusted I think, right??

Auditing 12 packages and their dependencies in solution 'Print2Fax'.
Finding dependencies...
done.
Packages audited:

  • JetBrains.Annotations@11.1.0
  • log4net@2.0.8
  • Microsoft.Exchange.WebServices@2.2.0
  • Microsoft.Office.Interop.Outlook@15.0.4797.1003
  • System.DirectoryServices@4.0.0
  • Castle.Core@4.0.0
  • Moq@4.7.8
  • Prism.Core@6.2.0
  • CommonServiceLocator@1.3.0
  • Prism.Wpf@6.2.0
  • Unity@4.0.1
  • Prism.Unity@6.2.0
  • System.Runtime@4.1.0
  • NETStandard.Library@1.6.1
  • System.AppContext@4.3.0
  • System.Collections.NonGeneric@4.0.1
  • System.Console@4.3.0
  • System.Data.Common@4.1.0
  • System.Diagnostics.Debug@4.3.0
  • System.Diagnostics.Process@4.1.0
  • System.Diagnostics.StackTrace@4.0.1
  • System.Diagnostics.TraceSource@4.0.0
  • System.IO.FileSystem@4.3.0
  • System.IO.FileSystem.Watcher@4.0.0
  • System.Linq@4.3.0
  • System.Net.NameResolution@4.0.0
  • System.Net.Requests@4.0.11
  • System.Net.Sockets@4.3.0
  • System.Reflection@4.3.0
  • System.Reflection.Extensions@4.3.0
  • System.Reflection.TypeExtensions@4.1.0
  • System.Runtime.Extensions@4.3.0
  • System.Runtime.InteropServices@4.3.0
  • System.Runtime.InteropServices.RuntimeInformation@4.3.0
  • System.Runtime.Serialization.Formatters@4.3.0
  • System.Text.Encoding@4.3.0
  • System.Text.RegularExpressions@4.3.0
  • System.Threading@4.3.0
  • System.Threading.Thread@4.0.0
  • System.Threading.Timer@4.3.0
  • System.Xml.ReaderWriter@4.3.0
  • System.Xml.XmlDocument@4.0.1
  • System.Configuration.ConfigurationManager@4.5.0
  • System.AppContext@4.1.0
  • System.Collections.Specialized@4.0.1
  • System.ComponentModel.TypeConverter@4.0.1
  • System.Console@4.0.0
  • System.Diagnostics.Debug@4.0.11
  • System.Diagnostics.Tools@4.0.1
  • System.Dynamic.Runtime@4.0.11
  • System.Globalization@4.0.11
  • System.IO.FileSystem@4.0.1
  • System.Linq@4.1.0
  • System.ObjectModel@4.0.12
  • System.Reflection@4.1.0
  • System.Reflection.Emit@4.0.1
  • System.Reflection.Emit.Lightweight@4.0.1
  • System.Reflection.Extensions@4.0.1
  • System.Resources.ResourceManager@4.0.1
  • System.Runtime.Extensions@4.1.0
  • System.Runtime.InteropServices@4.1.0
  • System.Threading@4.0.11
  • System.Xml.XmlSerializer@4.0.11
  • System.Collections@4.0.11
  • System.Collections.Concurrent@4.0.12
  • System.Linq.Expressions@4.1.0
  • System.Linq.Queryable@4.0.1
  • System.Reflection.Emit.ILGeneration@4.0.1
  • System.Reflection.Primitives@4.0.1
  • System.Text.RegularExpressions@4.1.0
  • System.Threading.Tasks@4.0.11
  • Prism.Windows@6.0.2
  • System.Diagnostics.Debug@4.0.10
  • System.Globalization@4.0.10
  • System.Runtime@4.0.20
  • System.Threading.Tasks@4.0.10
  • Microsoft.NETCore.Platforms@1.0.1
  • Microsoft.NETCore.Targets@1.0.1
  • Microsoft.NETCore.Platforms@1.1.0
  • System.Collections@4.3.0
  • System.Diagnostics.Tools@4.3.0
  • System.Globalization@4.3.0
  • System.IO@4.3.0
  • System.Linq.Expressions@4.3.0
  • System.Net.Primitives@4.3.0
  • System.ObjectModel@4.3.0
  • System.Reflection.Primitives@4.3.0
  • System.Resources.ResourceManager@4.3.0
  • System.Runtime@4.3.0
  • System.Text.Encoding.Extensions@4.3.0
  • System.Threading.Tasks@4.3.0
  • System.Xml.XDocument@4.3.0
  • System.Collections.Concurrent@4.3.0
  • System.Diagnostics.Tracing@4.3.0
  • System.IO.Compression@4.3.0
  • System.Net.Http@4.3.0
  • System.Runtime.Numerics@4.3.0
  • Microsoft.Win32.Primitives@4.3.0
  • System.Globalization.Calendars@4.3.0
  • System.IO.Compression.ZipFile@4.3.0
  • System.IO.FileSystem.Primitives@4.3.0
  • System.Runtime.Handles@4.3.0
  • System.Security.Cryptography.Algorithms@4.3.0
  • System.Security.Cryptography.Encoding@4.3.0
  • System.Security.Cryptography.Primitives@4.3.0
  • System.Security.Cryptography.X509Certificates@4.3.0
  • Microsoft.NETCore.Targets@1.1.0
  • System.IO@4.1.0
  • System.Runtime.Handles@4.0.1
  • System.Text.Encoding@4.0.11
  • Microsoft.Win32.Primitives@4.0.1
  • Microsoft.Win32.Registry@4.0.0
  • runtime.native.System@4.0.0
  • System.IO.FileSystem.Primitives@4.0.1
  • System.Text.Encoding.Extensions@4.0.11
  • System.Threading.ThreadPool@4.0.10
  • System.Collections.Immutable@1.2.0
  • System.Reflection.Metadata@1.3.0
  • System.Threading.Overlapped@4.0.1
  • System.Diagnostics.Tracing@4.1.0
  • System.Net.Primitives@4.0.11
  • System.Security.Principal.Windows@4.0.0
  • System.Net.WebHeaderCollection@4.0.1
  • System.Net.Http@4.1.0
  • System.Diagnostics.Contracts@4.0.1
  • runtime.native.System@4.3.0
  • System.Runtime.Serialization.Primitives@4.3.0
  • System.Threading.Tasks.Extensions@4.3.0
  • System.Xml.ReaderWriter@4.0.11
  • System.Security.Permissions@4.5.0
  • System.Security.Cryptography.ProtectedData@4.5.0
  • System.Globalization.Extensions@4.0.1
  • System.Runtime@4.0.0
  • System.Reflection@4.0.0
  • System.Reflection.Emit.ILGeneration@4.0.0
  • System.IO@4.0.0
  • System.Reflection.Primitives@4.0.0
  • System.Linq.Expressions@4.0.10
  • System.Linq@4.0.0
  • System.Resources.ResourceManager@4.0.0
  • System.Reflection.Extensions@4.0.0
  • System.Reflection@4.0.10
  • System.Collections@4.0.10
  • System.ComponentModel@4.0.0
  • System.ComponentModel.Annotations@4.0.10
  • System.IO@4.0.10
  • System.ObjectModel@4.0.10
  • System.Runtime.InteropServices.WindowsRuntime@4.0.0
  • System.Runtime.Serialization.Xml@4.0.10
  • System.Runtime.WindowsRuntime@4.0.10
  • System.Threading@4.0.10
  • System.Xml.XDocument@4.0.10
  • System.Reflection.Emit.ILGeneration@4.3.0
  • System.Reflection.Emit.Lightweight@4.3.0
  • System.Reflection.TypeExtensions@4.3.0
  • System.Reflection.Emit@4.3.0
  • runtime.native.System.IO.Compression@4.3.0
  • System.Buffers@4.3.0
  • System.Diagnostics.DiagnosticSource@4.3.0
  • System.Runtime.WindowsRuntime@4.3.0
  • runtime.native.System.Net.Http@4.3.0
  • runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • System.Globalization.Extensions@4.3.0
  • System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.native.System.Security.Cryptography.Apple@4.3.0
  • System.Security.Cryptography.Cng@4.3.0
  • System.Security.Cryptography.Csp@4.3.0
  • System.Collections.Immutable@1.1.37
  • System.Security.Claims@4.0.1
  • System.Security.Principal@4.0.1
  • System.Diagnostics.DiagnosticSource@4.0.0
  • System.Security.Cryptography.X509Certificates@4.1.0
  • System.Runtime.WindowsRuntime@4.0.11
  • System.IO.Compression@4.1.0
  • runtime.native.System.Net.Http@4.0.1
  • runtime.native.System.Security.Cryptography@4.0.0
  • System.Security.Cryptography.Algorithms@4.2.0
  • System.Security.Cryptography.Encoding@4.0.0
  • System.Security.Cryptography.OpenSsl@4.0.0
  • System.Security.Cryptography.Primitives@4.0.0
  • System.Threading.Tasks.Extensions@4.0.0
  • System.Security.AccessControl@4.5.0
  • System.Memory@4.5.0
  • System.Text.Encoding@4.0.0
  • System.Threading.Tasks@4.0.0
  • System.Collections@4.0.0
  • System.Diagnostics.Debug@4.0.0
  • System.Reflection.TypeExtensions@4.0.0
  • System.Threading@4.0.0
  • System.Runtime.Extensions@4.0.0
  • System.Globalization@4.0.0
  • System.Reflection.Emit@4.0.0
  • System.ObjectModel@4.0.0
  • System.Runtime.Extensions@4.0.10
  • System.Text.RegularExpressions@4.0.10
  • System.Xml.ReaderWriter@4.0.0
  • System.Runtime.Serialization.Primitives@4.0.10
  • System.Private.DataContractSerialization@4.0.0
  • System.Diagnostics.Contracts@4.3.0
  • runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.fedora.23-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.fedora.24-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.opensuse.13.2-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.opensuse.42.1-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.rhel.7-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.14.04-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.16.04-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.ubuntu.16.10-x64.runtime.native.System.Security.Cryptography.OpenSsl@4.3.0
  • runtime.osx.10.10-x64.runtime.native.System.Security.Cryptography.Apple@4.3.0
  • System.Globalization.Calendars@4.0.1
  • System.Runtime.Numerics@4.0.1
  • System.Security.Cryptography.Cng@4.2.0
  • System.Security.Cryptography.Csp@4.0.0
  • runtime.native.System.IO.Compression@4.1.0
  • System.Security.Principal.Windows@4.4.0
  • System.Security.Principal.Windows@4.5.0
  • Microsoft.NETCore.Platforms@2.0.0
  • System.Threading.Thread@4.3.0
  • System.Buffers@4.4.0
  • System.Runtime.CompilerServices.Unsafe@4.5.0
  • System.Numerics.Vectors@4.4.0
  • System.Diagnostics.Contracts@4.0.0
  • System.Text.Encoding@4.0.10
  • System.Xml.ReaderWriter@4.0.10
  • System.Text.Encoding.Extensions@4.0.10
  • System.Xml.XmlSerializer@4.0.10
  • System.Security.Claims@4.3.0
  • System.Security.Principal@4.3.0
    No vulnerabilities found.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mshiels