Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Testing

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.7.102.0:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.7.102.0 0Low15
AWSSDK.Core:3.7.102pkg:nuget/AWSSDK.Core@3.7.102 06
AWSSDK.Core:3.7.401.4pkg:nuget/AWSSDK.Core@3.7.401.4 06
AWSSDK.DynamoDBv2.dllcpe:2.3:a:web_project:web:3.7.101.0:*:*:*:*:*:*:*pkg:generic/AWSSDK.DynamoDBv2@3.7.101.0 0Low15
AWSSDK.DynamoDBv2:3.7.101pkg:nuget/AWSSDK.DynamoDBv2@3.7.101 06
AWSSDK.Extensions.NETCore.Setup.dllpkg:generic/AWSSDK.Extensions.NETCore.Setup@3.7.1 013
AWSSDK.Extensions.NETCore.Setup:3.7.2pkg:nuget/AWSSDK.Extensions.NETCore.Setup@3.7.2 08
AWSSDK.RDS:3.7.410.21pkg:nuget/AWSSDK.RDS@3.7.410.21 06
AWSSDK.S3.dllpkg:generic/AWSSDK.S3@3.7.101.30 021
AWSSDK.SimpleEmail:3.7.0.15pkg:nuget/AWSSDK.SimpleEmail@3.7.0.15 06
AWSSDK.SimpleNotificationService.dllcpe:2.3:a:service_project:service:3.7.100.33:*:*:*:*:*:*:*pkg:generic/AWSSDK.SimpleNotificationService@3.7.100.33 0Low19
AWSSDK.SimpleSystemsManagement.dllpkg:generic/AWSSDK.SimpleSystemsManagement@3.7.102.13 019
Amazon.Lambda.APIGatewayEvents.dllcpe:2.3:a:web_project:web:1.2.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.APIGatewayEvents@1.2.0.0 0Low15
Amazon.Lambda.APIGatewayEvents:2.5.0pkg:nuget/Amazon.Lambda.APIGatewayEvents@2.5.0 08
Amazon.Lambda.ApplicationLoadBalancerEvents.dllpkg:generic/Amazon.Lambda.ApplicationLoadBalancerEvents@0.0.0.0 09
Amazon.Lambda.AspNetCoreServer.dllcpe:2.3:a:asp-project:asp-project:2.0.4:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.AspNetCoreServer@2.0.4 0Low15
Amazon.Lambda.AspNetCoreServer:7.3.0cpe:2.3:a:asp-project:asp-project:7.3.0:*:*:*:*:*:*:*pkg:nuget/Amazon.Lambda.AspNetCoreServer@7.3.0 0Low8
Amazon.Lambda.Core.dllcpe:2.3:a:web_project:web:1.0.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.Core@1.0.0.0 0Low15
Amazon.Lambda.Core:2.1.0pkg:nuget/Amazon.Lambda.Core@2.1.0 08
Amazon.Lambda.Logging.AspNetCore.dllcpe:2.3:a:asp-project:asp-project:2.0.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.Logging.AspNetCore@2.0.0.0 0Low15
Amazon.Lambda.SNSEvents:2.0.0pkg:nuget/Amazon.Lambda.SNSEvents@2.0.0 08
Amazon.Lambda.Serialization.Json:2.0.0pkg:nuget/Amazon.Lambda.Serialization.Json@2.0.0 08
Amazon.Lambda.Serialization.Json:2.1.0pkg:nuget/Amazon.Lambda.Serialization.Json@2.1.0 08
Amazon.Lambda.Serialization.SystemTextJson.dllpkg:generic/Amazon.Lambda.Serialization.SystemTextJson@0.0.0.0 09
AspectInjector:2.6.0pkg:nuget/AspectInjector@2.6.0 04
AutoMapper.Extensions.Microsoft.DependencyInjection.dllpkg:generic/AutoMapper.Extensions.Microsoft.DependencyInjection@12.0.0 021
AutoMapper.dllpkg:generic/AutoMapper@12.0.0 019
AwsParameterStore.Microsoft.Extensions.Configuration.dllpkg:generic/AwsParameterStore.Microsoft.Extensions.Configuration@0.7.0 026
ClearReportHandler.csproj 02
ClearReportHandler.dllpkg:generic/ClearReportHandler@1.0.0 016
FluentEmail.Core.dllcpe:2.3:a:github:github:3.0.2:*:*:*:*:*:*:*pkg:generic/FluentEmail.Core@3.0.2HIGH1Low15
FluentValidation.AspNetCore.dllcpe:2.3:a:asp-project:asp-project:11.2.2:*:*:*:*:*:*:*pkg:generic/FluentValidation.AspNetCore@11.2.2 0Low21
FluentValidation.DependencyInjectionExtensions.dllpkg:generic/FluentValidation.DependencyInjectionExtensions@11.4.0 021
FluentValidation.dllpkg:generic/FluentValidation@11.4.0 019
Hashids.net.dllpkg:generic/Hashids.net@1.6.1 020
Humanizer.dllpkg:generic/Humanizer@2.8.26 015
Login.js 00
Lumigo.DotNET:1.0.51pkg:nuget/Lumigo.DotNET@1.0.51 06
MailKit:2.0.4pkg:nuget/MailKit@2.0.4 04
MasterSwagger.js 00
Microsoft.AspNetCore.Http:2.2.2cpe:2.3:a:asp-project:asp-project:2.2.2:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.Http@2.2.2MEDIUM1Low8
Microsoft.AspNetCore.JsonPatch.dllcpe:2.3:a:asp-project:asp-project:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:6.0.11:*:*:*:*:*:*:*		pkg:generic/Microsoft.AspNetCore.JsonPatch@6.0.11 0Low15
Microsoft.AspNetCore.Mvc.Versioning.dllcpe:2.3:a:asp-project:asp-project:5.0.7710.5690:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:5.0.7710.5690:*:*:*:*:*:*:*		pkg:generic/Microsoft.AspNetCore.Mvc.Versioning@5.0.7710.5690 0Low19
Microsoft.AspNetCore.Mvc.Versioning:5.0.0cpe:2.3:a:asp-project:asp-project:5.0.0:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.Mvc.Versioning@5.0.0 0Low8
Microsoft.DotNet.InternalAbstractions.dllpkg:generic/Microsoft.DotNet.InternalAbstractions@1.0.0 010
Microsoft.EntityFrameworkCore.Abstractions.dllpkg:generic/Microsoft.EntityFrameworkCore.Abstractions@6.0.11 016
Microsoft.EntityFrameworkCore.Design.dllpkg:generic/Microsoft.EntityFrameworkCore.Design@6.0.11 026
Microsoft.EntityFrameworkCore.Relational.dllpkg:generic/Microsoft.EntityFrameworkCore.Relational@6.0.11 024
Microsoft.EntityFrameworkCore.dllpkg:generic/Microsoft.EntityFrameworkCore@6.0.11 022
Microsoft.Extensions.Caching.Memory.dllpkg:generic/Microsoft.Extensions.Caching.Memory@6.0.2 015
Microsoft.Extensions.Configuration.Abstractions.dllpkg:generic/Microsoft.Extensions.Configuration.Abstractions@7.0.22.51805 015
Microsoft.Extensions.Configuration.Binder.dllpkg:generic/Microsoft.Extensions.Configuration.Binder@7.0.22.51805 015
Microsoft.Extensions.Configuration.EnvironmentVariables.dllpkg:generic/Microsoft.Extensions.Configuration.EnvironmentVariables@6.0.2 017
Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1pkg:nuget/Microsoft.Extensions.Configuration.EnvironmentVariables@6.0.1 08
Microsoft.Extensions.Configuration.Json:7.0.0pkg:nuget/Microsoft.Extensions.Configuration.Json@7.0.0 08
Microsoft.Extensions.Configuration.UserSecrets.dllcpe:2.3:a:user_project:user:6.0.2:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Configuration.UserSecrets@6.0.2 0Low17
Microsoft.Extensions.Configuration:7.0.0pkg:nuget/Microsoft.Extensions.Configuration@7.0.0 08
Microsoft.Extensions.DependencyInjection.Abstractions.dllpkg:generic/Microsoft.Extensions.DependencyInjection.Abstractions@7.0.22.51805 015
Microsoft.Extensions.DependencyInjection.dllpkg:generic/Microsoft.Extensions.DependencyInjection@7.0.22.51805 015
Microsoft.Extensions.DependencyInjection:7.0.0pkg:nuget/Microsoft.Extensions.DependencyInjection@7.0.0 08
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@1.0.0 010
Microsoft.Extensions.Hosting.dllpkg:generic/Microsoft.Extensions.Hosting@6.0.2 015
Microsoft.Extensions.Hosting:6.0.1pkg:nuget/Microsoft.Extensions.Hosting@6.0.1 08
Microsoft.Extensions.Logging.Abstractions.dllpkg:generic/Microsoft.Extensions.Logging.Abstractions@7.0.22.51805 017
Microsoft.Extensions.Logging.Console:6.0.0pkg:nuget/Microsoft.Extensions.Logging.Console@6.0.0 08
Microsoft.Extensions.Logging.dllpkg:generic/Microsoft.Extensions.Logging@7.0.22.51805 015
Microsoft.Extensions.Logging:7.0.0pkg:nuget/Microsoft.Extensions.Logging@7.0.0 08
Microsoft.Extensions.Options.ConfigurationExtensions.dllpkg:generic/Microsoft.Extensions.Options.ConfigurationExtensions@7.0.22.51805 015
Microsoft.Extensions.Options.ConfigurationExtensions:7.0.0pkg:nuget/Microsoft.Extensions.Options.ConfigurationExtensions@7.0.0 08
Microsoft.Extensions.Options.dllpkg:generic/Microsoft.Extensions.Options@7.0.22.51805 015
Microsoft.Extensions.PlatformAbstractions.dllpkg:generic/Microsoft.Extensions.PlatformAbstractions@1.0.0 013
Microsoft.Extensions.Primitives.dllpkg:generic/Microsoft.Extensions.Primitives@7.0.22.51805 015
Microsoft.IdentityModel.JsonWebTokens.dllcpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:json_web_token_project:json_web_token:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*		pkg:generic/Microsoft.IdentityModel.JsonWebTokens@6.25.1.31130MEDIUM1Low16
Microsoft.IdentityModel.Protocols.OpenIdConnect.dllcpe:2.3:a:identitymodel_project:identitymodel:6.10.0:20330:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:6.10.0:20330:*:*:*:*:*:*		pkg:generic/Microsoft.IdentityModel.Protocols.OpenIdConnect@6.10.0.20330MEDIUM1Low16
Microsoft.IdentityModel.Protocols.dllcpe:2.3:a:identitymodel_project:identitymodel:6.10.0:20330:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:6.10.0:20330:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:6.10.0:20330:*:*:*:*:*:*		pkg:generic/Microsoft.IdentityModel.Protocols@6.10.0.20330MEDIUM1Low16
Microsoft.IdentityModel.Tokens.dllcpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*		pkg:generic/Microsoft.IdentityModel.Tokens@6.25.1.31130MEDIUM1Low16
Microsoft.NET.Test.Sdk:17.1.0pkg:nuget/Microsoft.NET.Test.Sdk@17.1.0 08
Microsoft.TestPlatform.CrossPlatEngine.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine@15.0.0 0Low14
Microsoft.TestPlatform.CrossPlatEngine.resources.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine.resources@15.0.0 0Low13
Microsoft.VisualStudio.CodeCoverage.Shim.dllpkg:generic/Microsoft.VisualStudio.CodeCoverage.Shim@17.100.221.61401 015
Newtonsoft.Json.Bson.dllcpe:2.3:a:newtonsoft:json.net:1.0.2:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json.Bson@1.0.2HIGH1Low15
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:13.0.3:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@13.0.3 0Low15
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:13.0.2:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@13.0.2 0Low22
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:9.0.1:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@9.0.1HIGH1Low16
Npgsql.EntityFrameworkCore.PostgreSQL.dllcpe:2.3:a:postgresql:postgresql:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:6.0.7:*:*:*:*:*:*:*		pkg:generic/Npgsql.EntityFrameworkCore.PostgreSQL@6.0.7CRITICAL35Highest23
Npgsql.dllpkg:generic/Npgsql@6.0.7 015
NuGet.Frameworks.dllcpe:2.3:a:microsoft:nuget:5.11.0:*:*:*:*:*:*:*pkg:generic/NuGet.Frameworks@5.11.0MEDIUM1Low15
Pomelo.EntityFrameworkCore.MySql:6.0.2cpe:2.3:a:mysql:mysql:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:6.0.2:*:*:*:*:*:*:*		pkg:nuget/Pomelo.EntityFrameworkCore.MySql@6.0.2 0Low8
SonarScanner.MSBuild.Common.dllpkg:generic/SonarScanner.MSBuild.Common@6.1.0.83647 017
SonarScanner.MSBuild.Tasks.dllcpe:2.3:a:tasks:tasks:6.1.0.83647:*:*:*:*:*:*:*pkg:generic/SonarScanner.MSBuild.Tasks@6.1.0.83647MEDIUM2Low15
SwaggerController.js 00
Swashbuckle.AspNetCore.Examples.dllpkg:generic/Swashbuckle.AspNetCore.Examples@2.9.0 024
Swashbuckle.AspNetCore.Swagger.dllpkg:generic/Swashbuckle.AspNetCore.Swagger@2.4.0 022
Swashbuckle.AspNetCore.SwaggerGen.dllpkg:generic/Swashbuckle.AspNetCore.SwaggerGen@2.4.0 024
System.IdentityModel.Tokens.Jwt.dllcpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*		pkg:generic/System.IdentityModel.Tokens.Jwt@6.25.1.31130MEDIUM1Low16
System.IdentityModel.Tokens.Jwt:6.25.1cpe:2.3:a:identitymodel_project:identitymodel:6.25.1:*:*:*:*:*:*:*pkg:nuget/System.IdentityModel.Tokens.Jwt@6.25.1MEDIUM1Low8
UserManagement.API.Tests.csproj 02
UserManagement.API.Tests.dllcpe:2.3:a:user_project:user:1.0.0:*:*:*:*:*:*:*pkg:generic/UserManagement.API.Tests@1.0.0 0Low16
UserManagement.API.csproj 02
UserManagement.API.exe 02
UserManagement.Tests.csproj 02
UserManagement.Tests.dllcpe:2.3:a:user_project:user:1.0.0:*:*:*:*:*:*:*pkg:generic/UserManagement.Tests@1.0.0 0Low16
UserManagement.csproj 02
UserManagement.dllcpe:2.3:a:user_project:user:1.0.0:*:*:*:*:*:*:*pkg:generic/UserManagement@1.0.0 0Low16
UserSessionDeletionHandler.csproj 02
UserSessionDeletionHandler.dllcpe:2.3:a:user_project:user:1.0.0:*:*:*:*:*:*:*pkg:generic/UserSessionDeletionHandler@1.0.0 0Low16
UserSwagger.js 00
Utility.js 00
coverlet.collector:3.1.2pkg:nuget/coverlet.collector@3.1.2 06
package.json 00
swagger.js 00
swaggerDefinition.js 00
testhost.dllpkg:generic/testhost@15.0.0 013
testhost.exe 02
xunit.abstractions.dllpkg:generic/xunit.abstractions@2.0.0.0 017
xunit.assert.dllpkg:generic/xunit.assert@2.4.1 017
xunit.core.dllpkg:generic/xunit.core@2.4.1 017
xunit.execution.dotnet.dllpkg:generic/xunit.execution.dotnet@2.4.1 017
xunit.runner.reporters.netcoreapp10.dllpkg:generic/xunit.runner.reporters.netcoreapp10@2.4.1 019
xunit.runner.utility.netcoreapp10.dllpkg:generic/xunit.runner.utility.netcoreapp10@2.4.1 017
xunit.runner.visualstudio.dotnetcore.testadapter.dllpkg:generic/xunit.runner.visualstudio.dotnetcore.testadapter@2.4.3 017
xunit.runner.visualstudio:2.4.3pkg:nuget/xunit.runner.visualstudio@2.4.3 08
xunit:2.4.1pkg:nuget/xunit@2.4.1 04

Dependencies (vulnerable)

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Core Runtime

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.Core.dll
MD5: 00dc2967ad312264a7ff65eea14ae002
SHA1: f6908d716edcfb495fd503cfae1d72e65c64b552
SHA256:13f67e426986422b65a54e5b425425c049297f0b760723f2a61d0c502fc2a151

Identifiers

AWSSDK.Core:3.7.102

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

AWSSDK.Core:3.7.401.4

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

AWSSDK.DynamoDBv2.dll

Description:

AWSSDK.DynamoDBv2

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon DynamoDB. Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.DynamoDBv2.dll
MD5: 29997e9a4be2194e46832625e9e209b5
SHA1: a647a5ef869fa711097c48fb3c7cec1f87b4f09a
SHA256:2c3a44e1231991592c24109919581c2a6b9913d87eec2ad2efca2c6683c18cf4

Identifiers

AWSSDK.DynamoDBv2:3.7.101

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

AWSSDK.Extensions.NETCore.Setup.dll

Description:

AWSSDK.Extensions.NETCore.Setup

Amazon Web Services SDK for .NET extensions for .NET Core setup

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.Extensions.NETCore.Setup.dll
MD5: 16c4d2168143c1802bd5f0e22a6a6e77
SHA1: 4f2dd534473e60396793e3daf8e7d2c78c9749a7
SHA256:de842a88c3aef72b4b5c916dee93f367226d5587d8ea929ccfb083919395ba6b

Identifiers

AWSSDK.Extensions.NETCore.Setup:3.7.2

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj

Identifiers

AWSSDK.RDS:3.7.410.21

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

AWSSDK.S3.dll

Description:

AWSSDK.S3

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Storage Service. Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure, durable, highly-scalable object storage.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.S3.dll
MD5: 5a9a2f1894b19ad4053bb1f1c9944346
SHA1: f545262f2195b39c4eaf573835e20415917d6109
SHA256:ec14bb3bc57636812f2271a42d0ac43907e21e3ff462ed84c3b9f693652587e8

Identifiers

AWSSDK.SimpleEmail:3.7.0.15

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

AWSSDK.SimpleNotificationService.dll

Description:

AWSSDK.SimpleNotificationService

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Notification Service. Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push notifications to Apple, Google, Fire OS, and Windows devices, as well as Android devices in China with Baidu Cloud Push.  You can also use SNS to push notifications to internet connected smart devices, as well as other distributed services.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.SimpleNotificationService.dll
MD5: 36224fbf51e7f3e36c83102e42228bff
SHA1: 256abac1a7fd68fea2672b78b5f3c35612183610
SHA256:afdb16eb3575d50f2e0dc6fa059044a64606faeb8bc4d0b354f83d4407965447

Identifiers

AWSSDK.SimpleSystemsManagement.dll

Description:

AWSSDK.SimpleSystemsManagement

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Systems Manager (SSM). Amazon EC2 Simple Systems Manager (SSM) enables you to manage a number of administrative and configuration tasks on your instances.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AWSSDK.SimpleSystemsManagement.dll
MD5: b5b9ccdfc12e633a6218812d1c08b9a9
SHA1: 30ebe8eda97bab97939d5bbbca0e9ce93e1d5200
SHA256:7f0bcb1a29ef15e0f51f2f9e23f2522d3cb300f2f6043c377de5db56c2244676

Identifiers

Amazon.Lambda.APIGatewayEvents.dll

Description:

Amazon.Lambda.APIGatewayEvents

Lambda event interfaces for API Gateway event source.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.APIGatewayEvents.dll
MD5: f8d722d4fed53b617ca27ede8b0fd007
SHA1: ffbad6f0caadfb7b523b15c4ee0a387f3838d1e7
SHA256:4c2b8a366f500679241b8b7621a51db521ab235a34dd3daaea6be1fb5beb6a01

Identifiers

Amazon.Lambda.APIGatewayEvents:2.5.0

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

Amazon.Lambda.ApplicationLoadBalancerEvents.dll

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.ApplicationLoadBalancerEvents.dll
MD5: ae75d9f69d0372ed9f5670b7dda6d289
SHA1: 577796cab594dc7e43ce3f7a0c3002d9017cf789
SHA256:92d056aee57a68fb73e5d4844d6b8a31b5b357a348ec8410530efe0f8925621f

Identifiers

Amazon.Lambda.AspNetCoreServer.dll

Description:

Amazon.Lambda.AspNetCoreServer

Amazon.Lambda.AspNetCoreServer makes it easy to run ASP.NET Core Web API applications as AWS Lambda functions.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.AspNetCoreServer.dll
MD5: b6e9fbf73d48d201535da0ef8ecf35c2
SHA1: 4e0e057749837317e3d8b1eada133652341e80d5
SHA256:8794296e91da57a7b7387722a6ecea43a77e4cde06fe153b490a3af63af225fa

Identifiers

Amazon.Lambda.AspNetCoreServer:7.3.0

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

Amazon.Lambda.Core.dll

Description:

Amazon.Lambda.Core

Core interfaces for Lambda.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.Core.dll
MD5: e3ff649709a36002a8caeba1c2b6a63c
SHA1: 8a0d532bd5dd292dd8b5572c81a0af48a30cd5ce
SHA256:d3fd1d761d03288299dfb5bc5fbb9650c360e815176828704ed683d056ffa249

Identifiers

Amazon.Lambda.Core:2.1.0

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj

Identifiers

Amazon.Lambda.Logging.AspNetCore.dll

Description:

Amazon.Lambda.Logging.AspNetCore

ASP.NET Core logging support for Lambda.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.Logging.AspNetCore.dll
MD5: 9482935b3e88a8679c51b76bad324279
SHA1: 680ec56a97395d0c0f61bd550e0d2df20621e7c6
SHA256:770e5dfc23757a239061d5748dd0a2af820160cb84d793766cc2cabb6f4eeaf4

Identifiers

Amazon.Lambda.SNSEvents:2.0.0

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

Amazon.Lambda.Serialization.Json:2.0.0

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj

Identifiers

Amazon.Lambda.Serialization.Json:2.1.0

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

Amazon.Lambda.Serialization.SystemTextJson.dll

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Amazon.Lambda.Serialization.SystemTextJson.dll
MD5: c1cd7fd3b07a4af7815bfe8015a2284e
SHA1: e2f3299ec806001aa2e171aa0d957e2a7d287903
SHA256:a0a68396c58029c206feeedc15f088307eba9b36185eee9707c127be84988a68

Identifiers

AspectInjector:2.6.0

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

AutoMapper.Extensions.Microsoft.DependencyInjection.dll

Description:

AutoMapper.Extensions.Microsoft.DependencyInjection

AutoMapper extensions for ASP.NET Core

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AutoMapper.Extensions.Microsoft.DependencyInjection.dll
MD5: 40eb6d80e26942da883a8ef16d87a173
SHA1: d037ce1ffb0ca9ada212215ad6ae4af6d68fc199
SHA256:120c4d32a9120eebd6d2a7c9e75070cf31cdc85833eba050b031cad579e16547

Identifiers

AutoMapper.dll

Description:

AutoMapper

A convention-based object-object mapper.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AutoMapper.dll
MD5: 0a62f2c108330913cadaa41819f8920f
SHA1: bbb059b1604d7c07ed21c054846fed3f5395ef74
SHA256:2d35a628d53d8ba7c11d55be303d18e2c685f57cfbb2e9d75d8ebd90c9475cdb

Identifiers

AwsParameterStore.Microsoft.Extensions.Configuration.dll

Description:

AwsParameterStore.Microsoft.Extensions.Configuration

AWS Systems Manager Parameter Store configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\AwsParameterStore.Microsoft.Extensions.Configuration.dll
MD5: 6cff4cd5f4718297b37aa5e5bdc12d3b
SHA1: c45342ce39b8ea74491f13ab6382a1b479a7ad60
SHA256:903a0610bba31e40d1031e08d2a51354754f06c542678e587fbedab222def010

Identifiers

ClearReportHandler.csproj

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj
MD5: 18d647c198ef6749449183109512d2b2
SHA1: 2d9667b6d4a4b5533ad0c53193eab07b2c16a4a1
SHA256:c45ffaa549a96788af29760099eee2173e4ba49038bea25b321f7869e34f686e

Identifiers

  • None

ClearReportHandler.dll

Description:

ClearReportHandler

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\bin\Debug\net6.0\ClearReportHandler.dll
MD5: dec0f471b14974ecefc105493354ee7d
SHA1: 48913a771e9b0de29fb4b6feadc4afe5987be1cb
SHA256:6456f855919b1032c0aa7b62c8223071cec43e306ce18c10424fdb07a2ff104b

Identifiers

FluentEmail.Core.dll

Description:

Fluent Email

Send emails very easily. Use razor templates, smtp, embedded files, all without hassle. This is a Base Package and includes just the domain model, very basic defaults, and is also included with every other Fluent Email package here.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\FluentEmail.Core.dll
MD5: 37209408ac22e3fa195d6a3993a30097
SHA1: 9aa7bed234c5c6d31c3fd89196f1f9c651f741cd
SHA256:841a5e9ddc9c6ea6ac82d0c862213cf270a24fe3a21940871e175a6a6842c6ff

Identifiers

CVE-2012-2055  

GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability.
CWE-913 Improper Control of Dynamically-Managed Code Resources

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

FluentValidation.AspNetCore.dll

Description:

FluentValidation.AspNetCore

AspNetCore integration for FluentValidation

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\FluentValidation.AspNetCore.dll
MD5: 96d46b48b71daf9b244c9befb9c7c9d6
SHA1: ab4017564c320bd6c3857c5b02ce40451b98f3fa
SHA256:622cc69a0552ecd0b7a5803d214a97ea08239d223876d1cebdb6299e9593ba37

Identifiers

FluentValidation.DependencyInjectionExtensions.dll

Description:

FluentValidation.DependencyInjectionExtensions

Dependency injection extensions for FluentValidation

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\FluentValidation.DependencyInjectionExtensions.dll
MD5: 18d114b8af98663d7f0a68af2d0e32ff
SHA1: 78b5b600ff1807b03dea83b69996b785d112fbe6
SHA256:05171796692031bfdb1e0b0e3b206fad95d4eede2f9b5f2371ca826ed813b3f9

Identifiers

FluentValidation.dll

Description:

FluentValidation

A validation library for .NET that uses a fluent interface to construct strongly-typed validation rules.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\FluentValidation.dll
MD5: 262044fd88a7410be4496a910b3312b2
SHA1: 90a6ac423f1d7c4d1bbf7ffd8de0f4dec3bb54df
SHA256:2715554650a612d7cfacaa7ca72a74632be6e11025f23aeff53f4549e7ce6c46

Identifiers

Hashids.net.dll

Description:

Hashids.net

Generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Hashids.net.dll
MD5: 5d1689f2e4d893290b8a90b464e95bea
SHA1: d4bcf419c9ba3256243f904d489be5c4fb1bdc72
SHA256:ac19cd5e5239dd7c1b21fefad505b965eac63a105306ce2a43a98f8df2d742c4

Identifiers

Humanizer.dll

Description:

Humanizer

A micro-framework that turns your normal strings, type names, enum fields, date fields ETC into a human friendly format

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Humanizer.dll
MD5: b23ec3bf471a12c288f2a46b428bd013
SHA1: 766c5bf33247f5d399f410873f4640c35fbc885e
SHA256:15e988ab3e8d84900ae90549eb399aac452d55edf0109e06fa1a9b227ddfd4c4

Identifiers

Login.js

File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\definitions\Login.js
MD5: bcb7d1611cfc53e5f3e363d63e55bc54
SHA1: bc54740c17f9b9d6e8c42fede69387f09b0d1c61
SHA256:89ce234b28895e3201aeb39c6ab379a5e471ec71f138bcedfe97ef736b86aa7f

Identifiers

  • None

Lumigo.DotNET:1.0.51

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

MailKit:2.0.4

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

MasterSwagger.js

File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\definitions\MasterSwagger.js
MD5: 6b444051d2b9e5c32f4a8b5ae61a6ab6
SHA1: fc6bb6c41b66f3bb765a7aea0dde3284a409fdaa
SHA256:8160d7b91cf11ddff7468a70dca1481b30edf4aa22e873b9f28c51931bb617cc

Identifiers

  • None

Microsoft.AspNetCore.Http:2.2.2

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

CVE-2020-1045 (OSSINDEX)  

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p>
<p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p>
<p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p>


Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-1045 for details
CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:Microsoft.AspNetCore.Http:2.2.2:*:*:*:*:*:*:*

Microsoft.AspNetCore.JsonPatch.dll

Description:

Microsoft.AspNetCore.JsonPatch

ASP.NET Core support for JSON PATCH.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.AspNetCore.JsonPatch.dll
MD5: 73a35e9f29f35b38a6752073eeae3315
SHA1: d0a539a0e36cc7cf47875eb93d2d8b23c194b193
SHA256:d75f74d9a540b2b947b3604ec6faa611313dc2e127bedb58607f8feef2d4d525

Identifiers

Microsoft.AspNetCore.Mvc.Versioning.dll

Description:

Microsoft ASP.NET Core API Versioning

A service API versioning library for Microsoft ASP.NET Core.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.AspNetCore.Mvc.Versioning.dll
MD5: 0e90a8bbe8b215e93239c9ed8e32758e
SHA1: 5ce23dfc4666461757fc6bc05fe5c1c59701f3db
SHA256:81e1ef6edfd0b2058054817ec92a1234856ccb65c639b428a25c21cab0124153

Identifiers

Microsoft.AspNetCore.Mvc.Versioning:5.0.0

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

Microsoft.DotNet.InternalAbstractions.dll

Description:

Abstractions for making code that uses file system and environment testable.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.DotNet.InternalAbstractions.dll
MD5: eafc60cf6f13766c9ab96f5b23457252
SHA1: 8f8d4c9a0b1f700bc2ad8134b3200ce0683e95b9
SHA256:afd22ba2a118645e049e27d65164c97125e416934d1cbd16fa0f231d0fe68f5b

Identifiers

Microsoft.EntityFrameworkCore.Abstractions.dll

Description:

Microsoft.EntityFrameworkCore.Abstractions

Provides abstractions and attributes that are used to configure Entity Framework Core

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Abstractions.dll
MD5: 86b1d7511868631ac5a699abfad28641
SHA1: b7705d526a2d2297231b463509727590fcef3dd8
SHA256:5fa213113051002988514ca4a25df91d4a8166d7b8ae6b49de419895d7acc1e1

Identifiers

Microsoft.EntityFrameworkCore.Design.dll

Description:

Microsoft.EntityFrameworkCore.Design

Shared design-time components for Entity Framework Core tools.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Design.dll
MD5: 51a38607025ad2914325af5a10300b82
SHA1: 777820dffc3fe6cbc517986c2ab85657ee90f8ab
SHA256:da325c2ad641b9b4c7d1dca0bb8653edd7d40e5bf48892578aae372ecf140f94

Identifiers

Microsoft.EntityFrameworkCore.Relational.dll

Description:

Microsoft.EntityFrameworkCore.Relational

Shared Entity Framework Core components for relational database providers.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Relational.dll
MD5: 7fc88f8521204fb8dd3d88fccfc95019
SHA1: 0355e8588fe03caf93c7b8c62e2d00f1c6466b6c
SHA256:9fdf3e18c8652204ad369c4fd3ebf6daa789c2f3c2cdac6583030007c32a95d2

Identifiers

Microsoft.EntityFrameworkCore.dll

Description:

Microsoft.EntityFrameworkCore

Entity Framework Core is a modern object-database mapper for .NET. It supports LINQ queries, change tracking, updates, and schema migrations. EF Core works with SQL Server, Azure SQL Database, SQLite, Azure Cosmos DB, MySQL, PostgreSQL, and other databases through a provider plugin API.

Commonly Used Types:
Microsoft.EntityFrameworkCore.DbContext
Microsoft.EntityFrameworkCore.DbSet

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.dll
MD5: 73146811272dc2b5353b3cb9b3e26caa
SHA1: 42708abdcb5d9b477ecebfc4be5f29776b860c5b
SHA256:da96237f5b353adb2fe4162101668df82453e96d0d82ffecf61bc24c19b18738

Identifiers

Microsoft.Extensions.Caching.Memory.dll

Description:

Microsoft.Extensions.Caching.Memory

In-memory cache implementation of Microsoft.Extensions.Caching.Memory.IMemoryCache.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Caching.Memory.dll
MD5: 4b05e228ce48e5aa53361feb8d30398a
SHA1: d71b874fee66d6f8bf003b97869050f466c28db7
SHA256:68e25eb71dab3eea401ac5e0d8d0912f9a7eff17733325126e69f6e2dc567d0c

Identifiers

Microsoft.Extensions.Configuration.Abstractions.dll

Description:

Microsoft.Extensions.Configuration.Abstractions

Abstractions of key-value pair based configuration.

Commonly Used Types:
Microsoft.Extensions.Configuration.IConfiguration
Microsoft.Extensions.Configuration.IConfigurationBuilder
Microsoft.Extensions.Configuration.IConfigurationProvider
Microsoft.Extensions.Configuration.IConfigurationRoot
Microsoft.Extensions.Configuration.IConfigurationSection

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Abstractions.dll
MD5: 5edcf3dccef856711d35e0afdbdf6d0c
SHA1: fefe0a4870d36814a45f8e9c63530f1963cd6c0c
SHA256:893f042b8bea61e3e56091ee6167af61bc38a39d35cb1d0f9b222aae4493146a

Identifiers

Microsoft.Extensions.Configuration.Binder.dll

Description:

Microsoft.Extensions.Configuration.Binder

Functionality to bind an object to data in configuration providers for Microsoft.Extensions.Configuration.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Binder.dll
MD5: db18ebb0ad92f4d11f37dced9e4157f1
SHA1: 16236c199d1d88cd3048c723d13d821acef918f5
SHA256:59d14c4b98f6ed5b44512667ebaa71afe60f950483b5815d8c7604086445b03a

Identifiers

Microsoft.Extensions.Configuration.EnvironmentVariables.dll

Description:

Microsoft.Extensions.Configuration.EnvironmentVariables

Environment variables configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
MD5: 08f52a0ff6e9a3602259930674f95c5e
SHA1: 4fd2e59545e6c845f8f9de6ce8fc4540acf1aa25
SHA256:94fb00fe869f78b572e8564d2700b143f392a5ab7c110e8c81981d5edbf632f7

Identifiers

Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj

Identifiers

Microsoft.Extensions.Configuration.Json:7.0.0

File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\ClearReportHandler.csproj

Identifiers

Microsoft.Extensions.Configuration.UserSecrets.dll

Description:

Microsoft.Extensions.Configuration.UserSecrets

User secrets configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.UserSecrets.dll
MD5: f9255c8f30ac81d4693d1ddce2f59a07
SHA1: b1be780e5f10dadd9bb1965739722e15a67a7171
SHA256:cdb02893f9a9e822f8646836ec9e25c3c538a56872225f98a6b495103938eba8

Identifiers

Microsoft.Extensions.Configuration:7.0.0

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Description:

Microsoft.Extensions.DependencyInjection.Abstractions

Abstractions for dependency injection.

Commonly Used Types:
Microsoft.Extensions.DependencyInjection.IServiceCollection

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll
MD5: 6c8655836651933ffa4c253b5fa72939
SHA1: b75730d6c1ef5e0ca6d7f7a1a5ee540aee940836
SHA256:087813b2f9350b8c2d31e5bc9a5410fab198fadac87bb1269f41de6e6ad7ee62

Identifiers

Microsoft.Extensions.DependencyInjection.dll

Description:

Microsoft.Extensions.DependencyInjection

Default implementation of dependency injection for Microsoft.Extensions.DependencyInjection.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.dll
MD5: d73fb559b01aca341a7750ddf3f6d6eb
SHA1: 5f62514899132aed440854e599b742683bcea1d5
SHA256:f8fe8bedbedefe0fab7e68c48f508d486b42258e16c09572886d7293507bdad6

Identifiers

Microsoft.Extensions.DependencyInjection:7.0.0

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Abstractions for reading `.deps` files.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.DependencyModel.dll
MD5: c99274e8d8276563d8cefa3870b54b75
SHA1: 90a1325a25bad7ca88b80305599f9027981c900b
SHA256:c9eb87d14a9d170badcbce407888c2a565f1f216deaa6d615d1e741c4b62c10b

Identifiers

Microsoft.Extensions.Hosting.dll

Description:

Microsoft.Extensions.Hosting

Hosting and startup infrastructures for applications.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Hosting.dll
MD5: d57f28ca156b8bc37e4547751443bfb1
SHA1: a1132e597ba1f2796de1e4ed2d6a0d929af195d5
SHA256:327b4c2e65a9f1d546d2d70443bb654eb25675a8d3ea2e098c81e7b53f7a4bbd

Identifiers

Microsoft.Extensions.Hosting:6.0.1

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj

Identifiers

Microsoft.Extensions.Logging.Abstractions.dll

Description:

Microsoft.Extensions.Logging.Abstractions

Logging abstractions for Microsoft.Extensions.Logging.

Commonly Used Types:
Microsoft.Extensions.Logging.ILogger
Microsoft.Extensions.Logging.ILoggerFactory
Microsoft.Extensions.Logging.ILogger<TCategoryName>
Microsoft.Extensions.Logging.LogLevel
Microsoft.Extensions.Logging.Logger<T>
Microsoft.Extensions.Logging.LoggerMessage
Microsoft.Extensions.Logging.Abstractions.NullLogger

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Logging.Abstractions.dll
MD5: 5127ddc4377a4fec97eac8e991477d00
SHA1: eb1c84da67d382390397e30fe801a38944bcf48c
SHA256:b4bf70c7e2aa5ea0090e13817b895339259cc435dd16d8bd32ce4ebd85de4a3c

Identifiers

Microsoft.Extensions.Logging.Console:6.0.0

File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

Identifiers

Microsoft.Extensions.Logging.dll

Description:

Microsoft.Extensions.Logging

Logging infrastructure default implementation for Microsoft.Extensions.Logging.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Logging.dll
MD5: 3f6480b7c509fc21aaf73c32b9ff7aa8
SHA1: c623ba7aaf28dfe6b54fc0ad43c6eba912c6b336
SHA256:6833a9076b9a4bb4195c87cdac7ccf4b99b86d1fc848a08e074d668d1e03530e

Identifiers

Microsoft.Extensions.Logging:7.0.0

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

Microsoft.Extensions.Options.ConfigurationExtensions.dll

Description:

Microsoft.Extensions.Options.ConfigurationExtensions

Provides additional configuration specific functionality related to Options.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Options.ConfigurationExtensions.dll
MD5: cfe09d5db428f456541ba4caa6888b66
SHA1: d52da1aa9b011f1206ee6440e2a2a245c8b76118
SHA256:3c227ac499857cc556a02feaa843f2a711521cb324290a6a2b230227e42db48c

Identifiers

Microsoft.Extensions.Options.ConfigurationExtensions:7.0.0

File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

Identifiers

Microsoft.Extensions.Options.dll

Description:

Microsoft.Extensions.Options

Provides a strongly typed way of specifying and accessing settings using dependency injection.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Options.dll
MD5: 2cde060200f09d54a11200f693d84bc9
SHA1: f65c6baa8a36cbb5b28249177fd74fa1279cfd1c
SHA256:792765a31e12260bf7aa7630d10e40dd9f2e140ffb5678237a2055266b478112

Identifiers

Microsoft.Extensions.PlatformAbstractions.dll

Description:

Abstractions that unify behavior and API across .NET Framework, .NET Core and Mono

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.PlatformAbstractions.dll
MD5: 3c36c3780dcf26fb7ab7d3504f0d5d3f
SHA1: 685de73dd75d717f47d035f017c4e81a44c4c884
SHA256:dd9a5cf0a9baf3bb42dfca15a0f62c25ba3563abd2acf3d36eaab0730853c503

Identifiers

Microsoft.Extensions.Primitives.dll

Description:

Microsoft.Extensions.Primitives

Primitives shared by framework extensions. Commonly used types include:

Commonly Used Types:
Microsoft.Extensions.Primitives.IChangeToken
Microsoft.Extensions.Primitives.StringValues
Microsoft.Extensions.Primitives.StringSegment

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.Extensions.Primitives.dll
MD5: 3ba07a6760be077504734e9c0be0cce3
SHA1: a51acea6a9183d6c73dcedb5b0536f2a5efd5f43
SHA256:8578454489a439d5debd8a8ca9844b3b38076563eaf195cc5ed4bd27a8c54ea3

Identifiers

Microsoft.IdentityModel.JsonWebTokens.dll

Description:

Microsoft.IdentityModel.JsonWebTokens

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.IdentityModel.JsonWebTokens.dll
MD5: 0187f56b73780b36b83c3787cac39953
SHA1: 67d1738858e0c7fb8e6d8cdae698dcf9e34230da
SHA256:4d4f7892ed7eb6198aaed5ca324fc0d4c9ff223df3058aace759ea19b42263bc

Identifiers

  • pkg:generic/Microsoft.IdentityModel.JsonWebTokens@6.25.1.31130  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:json_web_token_project:json_web_token:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

Microsoft.IdentityModel.Protocols.OpenIdConnect.dll

Description:

Microsoft.IdentityModel.Protocols.OpenIdConnect

Includes types that provide support for OpenIdConnect protocol.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
MD5: ab12a0ce21d3730ec7ea182768bb2409
SHA1: ee9583a42b18271a689db29ceeb490a320bd1f25
SHA256:b2df04680ace444416b01964474905373d941b7ef5d3e760ac9b736c57cd46aa

Identifiers

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

Microsoft.IdentityModel.Protocols.dll

Description:

Microsoft.IdentityModel.Protocols

Provides base protocol support for OpenIdConnect and WsFederation.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.IdentityModel.Protocols.dll
MD5: c62f64528e559335cee713043e7f02e8
SHA1: 25c730accdd56220ca490f44d56589fd33c9d935
SHA256:a8cc77e6c4cad2813d43b51f5316f09548fb2ee488ea72d3f4240e12bb117cf9

Identifiers

  • pkg:generic/Microsoft.IdentityModel.Protocols@6.10.0.20330  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:6.10.0:20330:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:6.10.0:20330:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:6.10.0:20330:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

Microsoft.IdentityModel.Tokens.dll

Description:

Microsoft.IdentityModel.Tokens

Includes types that provide support for SecurityTokens, Cryptographic operations: Signing, Verifying Signatures, Encryption.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Microsoft.IdentityModel.Tokens.dll
MD5: 33f6c18917dac746452a4313f3944a5c
SHA1: e992402bf99012501cb7a129a0a52db0a28a3dce
SHA256:09e3f0990e0710dbdf3d09bf8f3e29fcd3d15d1a6145662e4ebfb20d93bb59b8

Identifiers

  • pkg:generic/Microsoft.IdentityModel.Tokens@6.25.1.31130  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

Microsoft.NET.Test.Sdk:17.1.0

File Path: D:\Onboarding\UserManagement\test\UserManagement.Tests\UserManagement.Tests.csproj

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\Microsoft.TestPlatform.CrossPlatEngine.dll
MD5: ffaf793e1b51a17f0ea2a23455826a4a
SHA1: 3cd886d38b876570a8f9b96324d566afbe557a40
SHA256:168d08dd950187b442c5ad2c0158d4084bc18c8bf2fa260393293fb985c3b472

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.resources.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\cs\Microsoft.TestPlatform.CrossPlatEngine.resources.dll
MD5: ab83d5dd37be6aef7e546001f2ae576f
SHA1: 4f6e19dd176eba6f6c52ab6ccfb6c03836fdb6fe
SHA256:349d4a4f68cc790ad7723c1b9df93823de5de570d7c5307e9d10f5aa3ac775f8

Identifiers

Microsoft.VisualStudio.CodeCoverage.Shim.dll

Description:

Microsoft.VisualStudio.CodeCoverage.Shim

File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.CodeCoverage.Shim.dll
MD5: 20f00ff48f16ab892f6e719dc90df0ad
SHA1: a42d0f4018aed5660bc57be30ae895379cf0a1b7
SHA256:96532fa4ad4085d855b1e6992a3b3e22dd05a9a0473bcf5e72b75dc218a52f7e

Identifiers

Newtonsoft.Json.Bson.dll

Description:

Json.NET BSON .NET Standard 2.0

Json.NET BSON adds support for reading and writing BSON

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Newtonsoft.Json.Bson.dll
MD5: 46944e52dbb2982ea49a297902b91ea8
SHA1: 0ed43a73f49e0df7b2fa681a627cad7e25074165
SHA256:f3c56166d7f90296bbe6b03f64335623c3165ed25948288f1f316fa74dd8327f

Identifiers

CVE-2024-21907  

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
CWE-755 Improper Handling of Exceptional Conditions

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Newtonsoft.Json.dll

Description:

Json.NET .NET Standard 2.0

Json.NET is a popular high-performance JSON framework for .NET

File Path: D:\Onboarding\UserManagement\.sonarqube\bin\Newtonsoft.Json.dll
MD5: bbe7bab7d62fff428929222396154324
SHA1: 142b1f67c392c48bc36d664cdaead35cf00ef209
SHA256:8c1dd5c184b4e2e7ead06971ff3ebcb46783be972292d1deb1061744369b4d80

Identifiers

Newtonsoft.Json.dll

Description:

Json.NET .NET 6.0

Json.NET is a popular high-performance JSON framework for .NET

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Newtonsoft.Json.dll
MD5: 86a83a63f12b55fd3718cfbfb577d7dc
SHA1: 3df82ebba50086de83aee27c63255e80f2d73f3b
SHA256:4816c4276f575e4d85b80633a0df2eadf29496fe00bdc33cd7843e61373bde0e

Identifiers

Newtonsoft.Json.dll

Description:

Json.NET .NET Standard 1.0

Json.NET is a popular high-performance JSON framework for .NET

File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\Newtonsoft.Json.dll
MD5: 04d49720df76d62bce434f19a0da62d2
SHA1: 53d0a3b91036092132f4d0887500b5dc77891d78
SHA256:5d96ee51b2aff592039eebc2ed203d9f55fddf9c0882fb34d3f0e078374954a5

Identifiers

CVE-2024-21907  

Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
CWE-755 Improper Handling of Exceptional Conditions

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Npgsql.EntityFrameworkCore.PostgreSQL.dll

Description:

Npgsql.EntityFrameworkCore.PostgreSQL

PostgreSQL/Npgsql provider for Entity Framework Core.

File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Npgsql.EntityFrameworkCore.PostgreSQL.dll
MD5: bf2135dd0b4a7a8ec6d2ead16c7eb57a
SHA1: bfede384b4e8b213d0d558180422917562e84df4
SHA256:4024339ffb23c801a13a281acf8b54f2a0c13184bfd0f583f88c6953662d65ad

Identifiers

CVE-2015-0244  

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-3166  

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10211  

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled OpenSSL executing code from unprotected directory.
CWE-94 Improper Control of Generation of Code ('Code Injection'), NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2018-1115  

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rotate() function doesn't follow the same ACLs than pg_rorate_logfile. If the adminpack is added to a database, an attacker able to connect to it could exploit this to force log rotation.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0241  

The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0242  

Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-0243  

Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10127  

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for BigSQL-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. An attacker having only the unprivileged Windows account can read arbitrary data directory files, essentially bypassing database-imposed read access limitations. An attacker having only the unprivileged Windows account can also delete certain data directory files.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:2.0/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:L/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25695  

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2016-5423  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
CWE-476 NULL Pointer Dereference

CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2016-7048  

The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25694  

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2021-23214  

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2019-10128  

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.1)
  • Vector: /AV:L/AC:M/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2015-3167  

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2016-0768  

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
CWE-284 Improper Access Control

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2016-0773  

PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-7484  

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CWE-285 Improper Authorization, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2016-5424  

PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:1.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:P

References:

Vulnerable Software & Versions: (show all)

CVE-2017-14798  

A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
CWE-61 UNIX Symbolic Link (Symlink) Following, CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv3:
  • Base Score: HIGH (7.0)
  • Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: /AV:L/AC:M/Au:N/C:C/I:C/A:C

References:

    Vulnerable Software & Versions:

    CVE-2019-10210  

    Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
    CWE-522 Insufficiently Protected Credentials

    CVSSv3:
    • Base Score: HIGH (7.0)
    • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (1.9)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0061  

    The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0063  

    Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
    CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0064  

    Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow.  NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
    CWE-189 Numeric Errors

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0065  

    Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, a different vulnerability than CVE-2014-0063.
    CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2015-5288  

    The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a "too-short" salt.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2007-2138  

    Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (6.0)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0062  

    Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
    CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    CVSSv2:
    • Base Score: MEDIUM (4.9)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0067  

    The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.6)
    • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-8161  

    PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
    CWE-209 Generation of Error Message Containing Sensitive Information

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2015-3165  

    Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.
    NVD-CWE-Other

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2021-3393  

    An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
    CWE-209 Generation of Error Message Containing Sensitive Information

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: LOW (3.5)
    • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0060  

    PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0066  

    The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.
    CWE-20 Improper Input Validation

    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2010-0733  

    Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
    CWE-189 Numeric Errors

    CVSSv2:
    • Base Score: LOW (3.5)
    • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

    References:
    • af854a3a-2127-422b-91ae-364da2661108 - PATCH
    • secalert@redhat.com - PATCH

    Vulnerable Software & Versions: (show all)

    Npgsql.dll

    Description:

    Npgsql

Npgsql is the open source .NET data provider for PostgreSQL.

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Npgsql.dll
    MD5: 9bbbe5b13b4af4811f75f092fac09458
    SHA1: 0d52c3d42f3cd30ef076c746fe43596e28e00853
    SHA256:7a2c0f05fc717b039e2ae37ca2c831683b8c5a7cd4fdf90f088d399b4de18e3e

    Identifiers

    NuGet.Frameworks.dll

    Description:

    NuGet.Frameworks

NuGet's understanding of target frameworks.

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\NuGet.Frameworks.dll
    MD5: 512e43f9429747041bf225e998ff2d59
    SHA1: 4b4acfd1967cd2906b768454b253550417aa9f03
    SHA256:7a71f486acbe2406aa8bcea388c58969f5df53e7977eec2e029554ed1fc9be86

    Identifiers

    Pomelo.EntityFrameworkCore.MySql:6.0.2

    File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj

    Identifiers

    SonarScanner.MSBuild.Common.dll

    Description:

    SonarScanner.MSBuild.Common

    File Path: D:\Onboarding\UserManagement\.sonarqube\bin\SonarScanner.MSBuild.Common.dll
    MD5: 638176ed2b26d5dc9bb235369e64ee47
    SHA1: fdfa15ce9bc7db4e31fbae1110dd3e93748ba081
    SHA256:59411967838149b3ef121cb6f51faf2cb59ac58e6d1a3fd4061d7cfcddade25b

    Identifiers

    SonarScanner.MSBuild.Tasks.dll

    Description:

    SonarScanner.MSBuild.Tasks

    File Path: D:\Onboarding\UserManagement\.sonarqube\bin\SonarScanner.MSBuild.Tasks.dll
    MD5: a1e7ea5f4cee21609b26391b88408ee0
    SHA1: 3b5b7c413b9086a1c8fcdba384642da437b96600
    SHA256:2024b5c55140da0bb83378fc218e4f48f48e26b49000eb26435e7cf4e2cdd919

    Identifiers

    CVE-2020-22475  

    "Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
    CWE-276 Incorrect Default Permissions

    CVSSv3:
    • Base Score: MEDIUM (6.8)
    • Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:0.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.6)
    • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions:

    CVE-2022-39349  

    The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds.
    CWE-668 Exposure of Resource to Wrong Sphere, CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

    CVSSv3:
    • Base Score: MEDIUM (5.5)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    SwaggerController.js

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\controller\SwaggerController.js
    MD5: ea3203e97ba22dcb4c58733de2b3ac54
    SHA1: 5ad1eac499dbeada67eaaf78bc747751264aae1d
    SHA256:627a6ffc91c6732a33d9ff594155b1d2f184cf8c0ff4817f1af5f98f4448e130

    Identifiers

    • None

    Swashbuckle.AspNetCore.Examples.dll

    Description:

    Swashbuckle.AspNetCore.Examples

Adds the SwaggerRequestExample and SwaggerResponseExample attribute for Swashbuckle. This will populate the example property of a schema object in the output swagger.

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.Examples.dll
    MD5: e8e4af0942a93e9e14a41db9da877386
    SHA1: cf0e97d388fb10d4c3bd3e38272231e725917af7
    SHA256:e49c970927f55ca30d51ef02a72a8018d636d01dee49da8c1a6cb9e151772b0b

    Identifiers

    Swashbuckle.AspNetCore.Swagger.dll

    Description:

    Swashbuckle.AspNetCore.Swagger

Middleware to expose Swagger JSON endpoints from API's built on ASP.NET Core

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.Swagger.dll
    MD5: 1561a8168854d0d464856cd980acc455
    SHA1: 26e98626430375d7c4842be8d0a25e8d7026c5b0
    SHA256:c797237da5e07d88a1576d5edbcd2e775e0b5f506d464e2d3b40e5985593c564

    Identifiers

    Swashbuckle.AspNetCore.SwaggerGen.dll

    Description:

    Swashbuckle.AspNetCore.SwaggerGen

Swagger Generator for API's built on ASP.NET Core

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.SwaggerGen.dll
    MD5: 5b00e76687a228a01f7432e8b49a3cc4
    SHA1: 5c4f85708881a9ca9de58af46768bfec55b30a97
    SHA256:210ead724c458892b0ab805107e5cb2b44c74d169e89f56e851a71b6e4182747

    Identifiers

    System.IdentityModel.Tokens.Jwt.dll

    Description:

    System.IdentityModel.Tokens.Jwt

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\System.IdentityModel.Tokens.Jwt.dll
    MD5: 9f46bcace87297112eb2d5c014c567df
    SHA1: 67233c3f7b1a18e42922cdc8090cc8b3ae3df216
    SHA256:d846a6c25639740ab0bd169734859678b32af9c371b544c5faf5960f70df3727

    Identifiers

    • pkg:generic/System.IdentityModel.Tokens.Jwt@6.25.1.31130  (Confidence:Medium)
    • cpe:2.3:a:identitymodel_project:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
    • cpe:2.3:a:microsoft:identity_model:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  
    • cpe:2.3:a:microsoft:identitymodel:6.25.1.31130:*:*:*:*:*:*:*  (Confidence:Low)  

    CVE-2024-21319  

    Microsoft Identity Denial of service vulnerability
    CWE-20 Improper Input Validation, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: MEDIUM (6.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    System.IdentityModel.Tokens.Jwt:6.25.1

    File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj

    Identifiers

    CVE-2024-21319 (OSSINDEX)  

    Microsoft Identity Denial of service vulnerability
    CWE-20 Improper Input Validation

    CVSSv3:
    • Base Score: MEDIUM (6.800000190734863)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

    References:

    Vulnerable Software & Versions (OSSINDEX):

    • cpe:2.3:a:*:System.IdentityModel.Tokens.Jwt:6.25.1:*:*:*:*:*:*:*

    UserManagement.API.Tests.csproj

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\UserManagement.API.Tests.csproj
    MD5: de18b7ba62a4134f4f9e6574a5239abf
    SHA1: ce94fd22e3036edcdf890dbcb9dacb27a9018a61
    SHA256:4785fc604ca3a655dd27655dbcf6e7f435cef1c4e7414230d860fb1a8c65ce34

    Identifiers

    • None

    UserManagement.API.Tests.dll

    Description:

    UserManagement.API.Tests

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\UserManagement.API.Tests.dll
    MD5: e44174dcbba91f8af45c1684baa782cc
    SHA1: 6ca38ff4288ceb3a46f429d13a38dd0abb4598ee
    SHA256:75e47df75451280aaa9a64cab9b7c59d83faeb108f74caa3cae46295aff9d390

    Identifiers

    UserManagement.API.csproj

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\UserManagement.API.csproj
    MD5: 0e7f0ac94f10d3023e773902e8ffb217
    SHA1: 39ce7054f333ab0f8806854a8f702b35f484fd9f
    SHA256:ab685a2d2f711f77ca096d5ecc3f24c319775381166bb35a2c0d3c8d393686a7

    Identifiers

    • None

    UserManagement.API.exe

    File Path: D:\Onboarding\UserManagement\src\UserManagement.API\bin\Debug\net6.0\UserManagement.API.exe
    MD5: 00431c8da4371c7d40cbf90a22f8e6e1
    SHA1: 32f682fc5838a85cddca995707ab0eded49dc3de
    SHA256:19081a1353626f6dc974547263bfb4b86bd974bdcbfac30038c3c728c98ea3e6

    Identifiers

    • None

    UserManagement.Tests.csproj

    File Path: D:\Onboarding\UserManagement\test\UserManagement.Tests\UserManagement.Tests.csproj
    MD5: 200fa38974d837a708aadc4851ce2417
    SHA1: 5aa4c18401e6036ab3d1e040ed4a7ac172621209
    SHA256:0a0196fa45d76e4263ee651372e22fc718520b2a8b1eea3788c18d7cbda379c2

    Identifiers

    • None

    UserManagement.Tests.dll

    Description:

    UserManagement.Tests

    File Path: D:\Onboarding\UserManagement\test\UserManagement.Tests\bin\Debug\net6.0\UserManagement.Tests.dll
    MD5: 6ba7dceff5abc1ebb7a76686ad081cb6
    SHA1: dfa4bd7bcbd34cdecccd35543d84ce51ba43acaa
    SHA256:8c292b7b973bb6c3b1cb2188926338f976a01cfe2a65cbaac36d39a2d571b31c

    Identifiers

    UserManagement.csproj

    File Path: D:\Onboarding\UserManagement\src\UserManagement\UserManagement.csproj
    MD5: d5ba31782f78a69cf07c85d7e03122d2
    SHA1: 8696c00ec736a7064cac891d07ef47750aa2510a
    SHA256:77103acbad4db89974761fb4014b51bcf3d98f6e0c51620e0b9a18f93f31e4b0

    Identifiers

    • None

    UserManagement.dll

    Description:

    UserManagement

    File Path: D:\Onboarding\UserManagement\src\ClearReportHandler\bin\Debug\net6.0\UserManagement.dll
    MD5: 9f44cf5a4768bbb770f6c5e90f178838
    SHA1: d83408855437d66aa2ec6ab1e6d54802a647b7c2
    SHA256:7d9cd14c49c8f5971df7d7ad7a34ba591e5926a956784c6bc6d9ed8fce93d522

    Identifiers

    UserSessionDeletionHandler.csproj

    File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\UserSessionDeletionHandler.csproj
    MD5: 8a09049c447fa3739e736502db72f929
    SHA1: 5ce3c89a17ff6d7f87a76fb58a33ed5861982be2
    SHA256:c19e32245b98e880e8b3ca59aff59070ceb6ee5ee2baaf1b115c958700af385f

    Identifiers

    • None

    UserSessionDeletionHandler.dll

    Description:

    UserSessionDeletionHandler

    File Path: D:\Onboarding\UserManagement\src\UserSessionDeletionHandler\bin\Debug\net6.0\UserSessionDeletionHandler.dll
    MD5: f6020d2d1322a5e7183f333368d5b693
    SHA1: e9a04df29a376ad419bd781791ec60d392cf5856
    SHA256:9354ccded5bf1b3cb38e906d303be078339ee95e6b3037fa7a1e094ffcd66415

    Identifiers

    UserSwagger.js

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\definitions\UserSwagger.js
    MD5: c9f0f0cb03892538abbc601d2ebd2cc5
    SHA1: f6d200edcc23cf8f5f774aac83f63ad80653fffd
    SHA256:cc5c7d4fa4c25251c4836a751c92bd44b525bad5d681e6d80350f2328b02c9e8

    Identifiers

    • None

    Utility.js

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\definitions\Utility.js
    MD5: 274f89dce02968c5968aa4fe3419f96e
    SHA1: 784aa6c8d28efccbe0a68696e25ab10fc8f73bf3
    SHA256:751733f186b686366a5b8b3b35259c465d0ed955310bb59b30024f6b32760067

    Identifiers

    • None

    coverlet.collector:3.1.2

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\UserManagement.API.Tests.csproj

    Identifiers

    package.json

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\package.json
    MD5: 900eea6dcc0ec5f5e340d4e925c560e9
    SHA1: 102729223fff910795cb01de9abd02b2c99f57df
    SHA256:b1d5cca4276e489b92c01b11088b551c14288c76a704d813097231c13927f608

    Identifiers

    • None

    swagger.js

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger.js
    MD5: 8c966df86ee27632be72505b900f5916
    SHA1: 9763a3faecb7eb413fff25dc9b64d48180ad717d
    SHA256:2361cc5e66651683d9f2ad44475939cb656919330e9eda7752d39bceeb20a068

    Identifiers

    • None

    swaggerDefinition.js

    File Path: D:\Onboarding\UserManagement\src\UserManagement.Swagger.API\swagger\swaggerDefinition.js
    MD5: 11f49e972e1de3bac564a6512529dc57
    SHA1: 4a1b42f0ab5e0898dff63924a889ad95d7691938
    SHA256:917c6ccfeff08cfb9723115dadf36a67b3295b43ab6f29e135fea5c805197bb6

    Identifiers

    • None

    testhost.dll

    Description:

    testhost

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\testhost.dll
    MD5: c734527344e5822b132597e920cbc0c4
    SHA1: eca37adc36476a559b960dc4de04325b4abe6be0
    SHA256:2c0ea95d5b1df876a6124ff16ca35d9366798a271bb4fc0e6e62b26be0ac6260

    Identifiers

    testhost.exe

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\testhost.exe
    MD5: 9891517fb831f0a350ce46fbcf882a53
    SHA1: 63251c860b0e7a5fdd47b24bb3dbd8de4d8c9c84
    SHA256:778c50104a0487a4a2e48774471e304eee7fb42a37327e8b74252a5d435e8212

    Identifiers

    • None

    xunit.abstractions.dll

    Description:

    xUnit.net Abstractions (PCL)

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.abstractions.dll
    MD5: d8a035462916c19a6dd13cb534051e81
    SHA1: 92a0d358e7342e3da1e73dfb27c783de55a379c1
    SHA256:3166dc70323fb30ccf1cedb0fe86f2ad122c46d254542342d90386efc4c9285c

    Identifiers

    xunit.assert.dll

    Description:

    xUnit.net Assertion Library

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.assert.dll
    MD5: 424d4d02c203bb271b05891afd4b840b
    SHA1: b8f5f3d5063635765be0beab80329a0c1da87619
    SHA256:17b97301ee85f235cc45134055a2edc2fe6996966bd9fdebf0aede9770c6a06e

    Identifiers

    xunit.core.dll

    Description:

    xUnit.net Core

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.core.dll
    MD5: 63af8c05d126e90217560b32436283ba
    SHA1: 048ae886d2b90c14b0fbac8f852a9537a1720013
    SHA256:ea7acbee4e78e941df6cfe346e44be0e35e959015dc4421635fd114dbec42467

    Identifiers

    xunit.execution.dotnet.dll

    Description:

    xUnit.net Execution (dotnet)

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.execution.dotnet.dll
    MD5: bf60647fe6418db954344327a1fd9329
    SHA1: e36e00d865b5778fa6872b7e91aa43c2f506e3d2
    SHA256:99088544fcadd500e30258645765ab01e21d31fc29c46fd46b7def55fe35268f

    Identifiers

    xunit.runner.reporters.netcoreapp10.dll

    Description:

    xUnit.net Runner Reporters (.NET Core 1.0)

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.runner.reporters.netcoreapp10.dll
    MD5: 8dd04d8859206dcce5c1d400cd918dcd
    SHA1: eb81d761992ab633584cf7ecd8f7843743d1b136
    SHA256:2029c8d47645da90e0d58537ee0fd101e1291108806630232c138d52ec382de4

    Identifiers

    xunit.runner.utility.netcoreapp10.dll

    Description:

    xUnit.net Runner Utility (.NET Core 1.0)

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.runner.utility.netcoreapp10.dll
    MD5: 23b2927c45ffe829bcdc6ba6e437c651
    SHA1: 9de3650db94aa5fe82f8c04a719f137179f50059
    SHA256:508b79ae64e32fe80180118c86529f62d278deeec48c58c2cc091843650727e0

    Identifiers

    xunit.runner.visualstudio.dotnetcore.testadapter.dll

    Description:

    xUnit.net Runner for Visual Studio (netcoreapp2.1)

Visual Studio 2017 15.9+ Test Explorer runner for the xUnit.net framework. Capable of running xUnit.net v1.9.2 and v2.0+ tests. Supports .NET 2.0 or later, .NET Core 2.1 or later, and Universal Windows 10.0.16299 or later.

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\bin\Debug\net6.0\xunit.runner.visualstudio.dotnetcore.testadapter.dll
    MD5: f59853cbf4a8e6b9398e0fb728b8684c
    SHA1: c52840f8848c91e41d63790df0a1fc5e7ae5daf5
    SHA256:070380b5358b9b6bb58b4ae75b7aa04972c0ba40edc8b119ef72ac3ab70ebc45

    Identifiers

    xunit.runner.visualstudio:2.4.3

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\UserManagement.API.Tests.csproj

    Identifiers

    xunit:2.4.1

    File Path: D:\Onboarding\UserManagement\test\UserManagement.API.Tests\UserManagement.API.Tests.csproj

    Identifiers



    This report contains data retrieved from the National Vulnerability Database.
    This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
    This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
    This report may contain data retrieved from RetireJS.
    This report may contain data retrieved from the Sonatype OSS Index.