CVE-2017-11770 - High Severity Vulnerability
Vulnerable Library - system.security.cryptography.x509certificates.4.1.0.nupkg
Provides types for reading, exporting and verifying Authenticode X.509 v3 certificates. These certif...
Library home page: https://api.nuget.org/packages/system.security.cryptography.x509certificates.4.1.0.nupkg
Path to dependency file: /Activities/Cryptography/UiPath.Cryptography.Activities.Tests/UiPath.Cryptography.Activities.Tests.csproj
Path to vulnerable library: /tmp/ws-ua_20230620162214_SSRFPG/dotnet_EGMXVM/20230620162214/system.security.cryptography.x509certificates/4.1.0/system.security.cryptography.x509certificates.4.1.0.nupkg
Dependency Hierarchy:
- microsoft.net.test.sdk.15.0.0.nupkg (Root Library)
  - microsoft.testplatform.testhost.15.0.0.nupkg
    - microsoft.testplatform.objectmodel.15.0.0.nupkg
      - netstandard.library.1.6.0.nupkg
        - ❌ system.security.cryptography.x509certificates.4.1.0.nupkg (Vulnerable Library)
Found in base branch: develop
Vulnerability Details
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Publish Date: 2017-11-15
URL: CVE-2017-11770
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: GHSA-7mfr-774f-w5r9
Release Date: 2017-11-15
Fix Resolution: system.security.cryptography.x509certificates - 4.1.2,microsoft.netcore.app - 2.0.3