Press CTR-C to copy XML [help]


Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

How to read the report | Suppressing false positives | Getting Help: github issues

 Sponsor

Project: Testing

Scan Information (show all):

Summary

Display: Showing Vulnerable Dependencies (click to show all)

DependencyVulnerability IDsPackageHighest SeverityCVE CountConfidenceEvidence Count
APF.Core3.1.AWS:6.0.0.*pkg:nuget/APF.Core3.1.AWS@6.0.0.%2A 08
APF.Core3.1.AWS:6.0.0.1pkg:nuget/APF.Core3.1.AWS@6.0.0.1 08
APF.Core3.1:6.0.0.*pkg:nuget/APF.Core3.1@6.0.0.%2A 08
AWSSDK.CloudWatch.dllcpe:2.3:a:web_project:web:3.7.2.10:*:*:*:*:*:*:*pkg:generic/AWSSDK.CloudWatch@3.7.2.10 0Low13
AWSSDK.CloudWatchEvents.dllpkg:generic/AWSSDK.CloudWatchEvents@3.7.3.21 013
AWSSDK.CloudWatchLogs.dllcpe:2.3:a:web_project:web:3.7.1.29:*:*:*:*:*:*:*pkg:generic/AWSSDK.CloudWatchLogs@3.7.1.29 0Low13
AWSSDK.CognitoIdentity.dllcpe:2.3:a:web_project:web:3.7.0.2:*:*:*:*:*:*:*pkg:generic/AWSSDK.CognitoIdentity@3.7.0.2 0Low13
AWSSDK.CognitoIdentityProvider.dllcpe:2.3:a:web_project:web:3.7.1.26:*:*:*:*:*:*:*pkg:generic/AWSSDK.CognitoIdentityProvider@3.7.1.26 0Low13
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.7.100.17:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.7.100.17 0Low21
AWSSDK.Core:3.7.100.22pkg:nuget/AWSSDK.Core@3.7.100.22 06
AWSSDK.Extensions.NETCore.Setup.dllpkg:generic/AWSSDK.Extensions.NETCore.Setup@3.3.100.0 013
AWSSDK.Extensions.NETCore.Setup:3.7.2pkg:nuget/AWSSDK.Extensions.NETCore.Setup@3.7.2 08
AWSSDK.Kinesis.dllcpe:2.3:a:web_project:web:3.7.0.0:*:*:*:*:*:*:*pkg:generic/AWSSDK.Kinesis@3.7.0.0 0Low13
AWSSDK.Lambda.dllcpe:2.3:a:amazon:aws_lambda:3.7.3.3:*:*:*:*:*:*:*pkg:generic/AWSSDK.Lambda@3.7.3.3 0Low13
AWSSDK.RDS:3.7.103.1pkg:nuget/AWSSDK.RDS@3.7.103.1 06
AWSSDK.RDS:3.7.104.3pkg:nuget/AWSSDK.RDS@3.7.104.3 06
AWSSDK.S3.dllpkg:generic/AWSSDK.S3@3.7.9.23 021
AWSSDK.SQS.dllcpe:2.3:a:web_project:web:3.7.0.55:*:*:*:*:*:*:*pkg:generic/AWSSDK.SQS@3.7.0.55 0Low13
AWSSDK.SecurityToken.dllpkg:generic/AWSSDK.SecurityToken@3.7.0.2 013
AWSSDK.SimpleNotificationService.dllcpe:2.3:a:service_project:service:3.7.2.25:*:*:*:*:*:*:*pkg:generic/AWSSDK.SimpleNotificationService@3.7.2.25 0Low13
AWSSDK.SimpleSystemsManagement.dllpkg:generic/AWSSDK.SimpleSystemsManagement@3.7.0.2 019
AWSSDK.SimpleSystemsManagement:3.7.20.6pkg:nuget/AWSSDK.SimpleSystemsManagement@3.7.20.6 06
Amazon.AspNetCore.DataProtection.SSM.dllcpe:2.3:a:asp-project:asp-project:2.1.0:*:*:*:*:*:*:*pkg:generic/Amazon.AspNetCore.DataProtection.SSM@2.1.0 0Low16
Amazon.Lambda.APIGatewayEvents.dllcpe:2.3:a:web_project:web:1.2.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.APIGatewayEvents@1.2.0.0 0Low15
Amazon.Lambda.APIGatewayEvents:2.4.0pkg:nuget/Amazon.Lambda.APIGatewayEvents@2.4.0 08
Amazon.Lambda.CloudWatchEvents.dllpkg:generic/Amazon.Lambda.CloudWatchEvents@0.0.0.0 09
Amazon.Lambda.Core.dllcpe:2.3:a:web_project:web:1.0.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.Core@1.0.0.0 0Low15
Amazon.Lambda.Core:2.1.0pkg:nuget/Amazon.Lambda.Core@2.1.0 08
Amazon.Lambda.KinesisAnalyticsEvents.dllpkg:generic/Amazon.Lambda.KinesisAnalyticsEvents@0.0.0.0 09
Amazon.Lambda.KinesisFirehoseEvents.dllpkg:generic/Amazon.Lambda.KinesisFirehoseEvents@0.0.0.0 09
Amazon.Lambda.LexEvents.dllpkg:generic/Amazon.Lambda.LexEvents@0.0.0.0 09
Amazon.Lambda.S3Events.dllpkg:generic/Amazon.Lambda.S3Events@1.0.0.0 015
Amazon.Lambda.S3Events:2.0.1pkg:nuget/Amazon.Lambda.S3Events@2.0.1 08
Amazon.Lambda.SNSEvents:2.0.0pkg:nuget/Amazon.Lambda.SNSEvents@2.0.0 08
Amazon.Lambda.Serialization.Json.dllpkg:generic/Amazon.Lambda.Serialization.Json@1.2.0 015
Amazon.Lambda.Serialization.Json:2.0.0pkg:nuget/Amazon.Lambda.Serialization.Json@2.0.0 08
Amazon.Lambda.Serialization.Json:2.1.0pkg:nuget/Amazon.Lambda.Serialization.Json@2.1.0 08
Authorizer.csproj 02
Authorizer.dllpkg:generic/Authorizer@1.0.0 016
AwsParameterStore.Microsoft.Extensions.Configuration:0.7.0pkg:nuget/AwsParameterStore.Microsoft.Extensions.Configuration@0.7.0 08
GatewayUnifier.csproj 02
GatewayUnifier.dllpkg:generic/GatewayUnifier@1.0.0 016
Hashids.net:1.3.0pkg:nuget/Hashids.net@1.3.0 06
Lumigo.DotNET.Instrumentation.dllpkg:generic/Lumigo.DotNET.Instrumentation@1.0.0 016
Lumigo.DotNET.Parser.dllpkg:generic/Lumigo.DotNET.Parser@1.0.0 016
Lumigo.DotNET.Utilities.dllpkg:generic/Lumigo.DotNET.Utilities@1.0.0 016
Lumigo.DotNET.dllpkg:generic/Lumigo.DotNET@1.0.45 022
MSTest.TestAdapter:1.2.0pkg:nuget/MSTest.TestAdapter@1.2.0 06
MSTest.TestFramework:1.2.0pkg:nuget/MSTest.TestFramework@1.2.0 06
Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3cpe:2.3:a:asp-project:asp-project:3.1.3:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.Authentication.JwtBearer@3.1.3LOW1Low8
Microsoft.AspNetCore.Hosting.Server.Abstractions.dllcpe:2.3:a:asp-project:asp-project:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:2.0.3:*:*:*:*:*:*:*		pkg:generic/Microsoft.AspNetCore.Hosting.Server.Abstractions@2.0.3 0Low15
Microsoft.DotNet.PlatformAbstractions.dllpkg:generic/Microsoft.DotNet.PlatformAbstractions@1.0.1 09
Microsoft.Extensions.Configuration.Abstractions.dllpkg:generic/Microsoft.Extensions.Configuration.Abstractions@2.0.2 015
Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1pkg:nuget/Microsoft.Extensions.Configuration.EnvironmentVariables@6.0.1 08
Microsoft.Extensions.Configuration.Json:6.0.0pkg:nuget/Microsoft.Extensions.Configuration.Json@6.0.0 08
Microsoft.Extensions.Configuration:6.0.1pkg:nuget/Microsoft.Extensions.Configuration@6.0.1 08
Microsoft.Extensions.DependencyInjection.Abstractions.dllpkg:generic/Microsoft.Extensions.DependencyInjection.Abstractions@2.0.0 017
Microsoft.Extensions.DependencyInjection.dllpkg:generic/Microsoft.Extensions.DependencyInjection@2.0.0 015
Microsoft.Extensions.DependencyInjection:6.0.1pkg:nuget/Microsoft.Extensions.DependencyInjection@6.0.1 08
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@1.0.1 09
Microsoft.Extensions.FileProviders.Abstractions.dllpkg:generic/Microsoft.Extensions.FileProviders.Abstractions@2.0.1 015
Microsoft.Extensions.Hosting.Abstractions.dllcpe:2.3:a:microsoft:.net_core:2.0.3:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Hosting.Abstractions@2.0.3 0Low15
Microsoft.Extensions.Logging.Abstractions.dllpkg:generic/Microsoft.Extensions.Logging.Abstractions@2.0.2 017
Microsoft.Extensions.Logging.Console:6.0.0pkg:nuget/Microsoft.Extensions.Logging.Console@6.0.0 08
Microsoft.Extensions.Options.dllpkg:generic/Microsoft.Extensions.Options@2.0.2 015
Microsoft.Extensions.Primitives.dllpkg:generic/Microsoft.Extensions.Primitives@2.0.0 015
Microsoft.NET.Test.Sdk:15.5.0pkg:nuget/Microsoft.NET.Test.Sdk@15.5.0 08
Microsoft.TestPlatform.CrossPlatEngine.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine@15.0.0 0Low12
Microsoft.TestPlatform.CrossPlatEngine.resources.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine.resources@15.0.0 0Low11
Microsoft.VisualStudio.CodeCoverage.Shim.dllpkg:generic/Microsoft.VisualStudio.CodeCoverage.Shim@15.0.26228.0 017
Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dllcpe:2.3:a:microsoft:services:14.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:testplatform_project:testplatform:14.0.0.1:*:*:*:*:*:*:*		pkg:generic/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface@14.0.0.1 0Low15
Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dllcpe:2.3:a:testplatform_project:testplatform:14.0.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices@14.0.0.0 0Low15
Microsoft.VisualStudio.TestPlatform.TestFramework.dllcpe:2.3:a:testplatform_project:testplatform:14.0.0.1:*:*:*:*:*:*:*pkg:generic/Microsoft.VisualStudio.TestPlatform.TestFramework@14.0.0.1 0Low13
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:13.0.1:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@13.0.1 0Low22
RoleAccessHandler.Tests.csproj 02
RoleAccessHandler.Tests.dllpkg:generic/RoleAccessHandler.Tests@1.0.0 014
RoleAccessHandler.csproj 02
RoleAccessHandler.dllpkg:generic/RoleAccessHandler@1.0.0 016
SonarScanner.MSBuild.Common.dllpkg:generic/SonarScanner.MSBuild.Common@6.1.0.83647 017
SonarScanner.MSBuild.Tasks.dllcpe:2.3:a:tasks:tasks:6.1.0.83647:*:*:*:*:*:*:*pkg:generic/SonarScanner.MSBuild.Tasks@6.1.0.83647MEDIUM2Low15
System.Security.Cryptography.Xml.dllpkg:generic/System.Security.Cryptography.Xml@4.6.26418.02 018
System.Xml.XPath.XmlDocument.dllpkg:generic/System.Xml.XPath.XmlDocument@1.0.24212.01 020
aws-sdk:2.266.1pkg:npm/aws-sdk@2.266.1CRITICAL23
aws-sdk:2.269.1pkg:npm/aws-sdk@2.269.1CRITICAL23
index.js 00
index.js 00
index.js 00
index.js 00
jszip:3.1.5pkg:npm/jszip@3.1.5HIGH43
lodash:4.17.10pkg:npm/lodash@4.17.10CRITICAL113
operation.js 00
swaggermerge.js 00
testhost.dllpkg:generic/testhost@15.0.0 011
xml2js:0.4.17pkg:npm/xml2js@0.4.17MEDIUM23

Dependencies (vulnerable)

APF.Core3.1.AWS:6.0.0.*

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

APF.Core3.1.AWS:6.0.0.1

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

APF.Core3.1:6.0.0.*

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

AWSSDK.CloudWatch.dll

Description:

AWSSDK.CloudWatch

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.CloudWatch.dll
MD5: 9d23346785b3396e8b59177713590423
SHA1: e84faaba12a5b79db1ab580fe8ea6c6b93d1fe03
SHA256:6486f279a31e811c144890f932cb7044f286bc803c5f8a988b62adb1c25ebc24

Identifiers

AWSSDK.CloudWatchEvents.dll

Description:

AWSSDK.CloudWatchEvents

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch Events. Amazon CloudWatch Events helps you to respond to state changes in your AWS resources. When your resources change state they automatically send events into an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a pre-determined schedule.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.CloudWatchEvents.dll
MD5: 6b1541f7461a9a513a718285e86d42ac
SHA1: 92cf5b4de876b4ba45d86aa0dc2e58659a4d57db
SHA256:331bbc34798197ca2ca68d0aa081227f4f030c610a5ff84227462021bf852f7b

Identifiers

AWSSDK.CloudWatchLogs.dll

Description:

AWSSDK.CloudWatchLogs

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch Logs. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.CloudWatchLogs.dll
MD5: c2d546dcd8bb37c54e2bfe6362bc2ac9
SHA1: a7387ef1a89f6cedd3e195c5d328520049ada04f
SHA256:b7232938714e18b2f44e14db68d4528a6e346db67a71067159bedfb87ea9af24

Identifiers

AWSSDK.CognitoIdentity.dll

Description:

AWSSDK.CognitoIdentity

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Cognito Identity. Amazon Cognito is a service that makes it easy to save user data, such as app preferences or game state, in the AWS Cloud without writing any backend code or managing any infrastructure. With Amazon Cognito, you can focus on creating great app experiences instead of having to worry about building and managing a backend solution to handle identity management, network state, storage, and sync.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.CognitoIdentity.dll
MD5: 077d87642ad4a529f29c588103e1e9e9
SHA1: 5f457ed88006ef6cd8754e8009ec90ee88ec4222
SHA256:245c739a5dfc5d54bfe748463cad69c62672376e5223d320fd5ea06e23e5ef26

Identifiers

AWSSDK.CognitoIdentityProvider.dll

Description:

AWSSDK.CognitoIdentityProvider

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Cognito Identity Provider. You can create a user pool in Amazon Cognito Identity to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies. This API reference provides information about user pools in Amazon Cognito Identity, which is a new capability that is available as a beta.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.CognitoIdentityProvider.dll
MD5: e6a430a806b6c5c99263721a969311bb
SHA1: 0b91d48fdefd6bff4ba75f8c6192f1313d55e04c
SHA256:97c75eccc1a35cbf04492edf7e81e341611628e64c0747679764fd8c7b04484d

Identifiers

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Core Runtime

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.Core.dll
MD5: 497251dbaf08e7320494dde999574d82
SHA1: 532cfac8d56711752823de0f6530925b7e691560
SHA256:eb7fc7485013a57aeab454b0df161ecdf14ebf48e16d7ca14fbed5f5aaf92639

Identifiers

AWSSDK.Core:3.7.100.22

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

AWSSDK.Extensions.NETCore.Setup.dll

Description:

AWSSDK.Extensions.NETCore.Setup

Amazon Web Services SDK for .NET extensions for .NET Core setup

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.Extensions.NETCore.Setup.dll
MD5: ba4e1f512dc604aa5acb619e21a85e33
SHA1: 1559609f307e078da77a8707475ce211700f78bd
SHA256:0faedb59d138a58703944a4a2fc7455d0b4b23cbe53c5087e1fe634b6757a8c1

Identifiers

AWSSDK.Extensions.NETCore.Setup:3.7.2

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

AWSSDK.Kinesis.dll

Description:

AWSSDK.Kinesis

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Kinesis. Amazon Kinesis is a fully managed, cloud-based service for real-time processing of large, distributed data streams.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.Kinesis.dll
MD5: 55f9c9dfc45d0c99d00df1fdb8906dba
SHA1: d9bec436c205666bafd3a83c564f44f1842c910d
SHA256:1b9bda747c0f5649eb9f6f44fba0acd7b849e726c673b0cb38d5ee0bc7f78437

Identifiers

AWSSDK.Lambda.dll

Description:

AWSSDK.Lambda

The Amazon Web Services SDK for .NET (.NET Core 3.1) - AWS Lambda. AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you, making it easy to build applications that respond quickly to new information.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.Lambda.dll
MD5: 8e9fdd824d660ddf700c1616b4211ecb
SHA1: f68793ff15c1451a6fa7ae9866d9e41eea9daa95
SHA256:57010c8613942e972f5443b8247db47ef68239404626ec8354ac4630f9ea65fc

Identifiers

AWSSDK.RDS:3.7.103.1

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

AWSSDK.RDS:3.7.104.3

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

AWSSDK.S3.dll

Description:

AWSSDK.S3

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Storage Service. Amazon Simple Storage Service (Amazon S3), provides developers and IT teams with secure, durable, highly-scalable object storage.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.S3.dll
MD5: e353b098e61f99dc5ad9deb64979b086
SHA1: a8a5a8311baad216c4939b80ed1a4b0dee39221b
SHA256:5eba0cd9f4aa536ac36fab2cf8e1c3824f80be4e51ff863ec55f56a235c664a1

Identifiers

AWSSDK.SQS.dll

Description:

AWSSDK.SQS

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Queue Service. Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. SQS makes it simple and cost-effective to decouple the components of a cloud application.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.SQS.dll
MD5: b64058f765f446099bfafdd7de480b0b
SHA1: 074f840c244bab2a2de9679c2c536bfd8b180ceb
SHA256:a54f151d8eb606fd9d02e62489c76fbf0c7fb620268822f5ddb3989b948f31e4

Identifiers

AWSSDK.SecurityToken.dll

Description:

AWSSDK.SecurityToken

The Amazon Web Services SDK for .NET (.NET Core 3.1) - AWS Security Token Service. The AWS Security Token Service (AWS STS) enables you to provide trusted users with temporary credentials that provide controlled access to your AWS resources.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.SecurityToken.dll
MD5: cc71468541154b15038c3cac1bbb3f23
SHA1: d86b9f4eb2d14659d48f55169df90d1ef963d129
SHA256:fe6eaecdd72a6280bb72db3a17dc63748d32b1114254cac74c3c44da0d8cc25b

Identifiers

AWSSDK.SimpleNotificationService.dll

Description:

AWSSDK.SimpleNotificationService

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Notification Service. Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push notifications to Apple, Google, Fire OS, and Windows devices, as well as Android devices in China with Baidu Cloud Push.  You can also use SNS to push notifications to internet connected smart devices, as well as other distributed services.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.SimpleNotificationService.dll
MD5: 2a0aea99f4086fc30ca14f26c189b6fd
SHA1: d01c20985248b70fbef818dbbfbfd9a6836f3c30
SHA256:e5436663f4135f650f7a4663fac7626570c2f9be76f7a29474b8a4851705030a

Identifiers

AWSSDK.SimpleSystemsManagement.dll

Description:

AWSSDK.SimpleSystemsManagement

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Systems Manager (SSM). Amazon EC2 Simple Systems Manager (SSM) enables you to manage a number of administrative and configuration tasks on your instances.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\AWSSDK.SimpleSystemsManagement.dll
MD5: 26fd7bd79d315ed267656b83e1974be2
SHA1: c3a40d060ed4f71e3877e16190c483705ff471cc
SHA256:154cc873aa5a53b93a94cfd5cd1f7f594401e26a1d857cd6601ab30dd410c6ec

Identifiers

AWSSDK.SimpleSystemsManagement:3.7.20.6

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

Amazon.AspNetCore.DataProtection.SSM.dll

Description:

Amazon.AspNetCore.DataProtection.SSM

AWS Systems Manager ASP.NET Core Data Protection Provider library allows you to use AWS Systems Manager's Parameter Store to store keys generated by ASP.NET's Data Protection API.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.AspNetCore.DataProtection.SSM.dll
MD5: c68f7ef58793633aca20d5537f8556b6
SHA1: c6aa5cd3d91a92375da190b38531c610577ace5e
SHA256:67d29bc3abd30afc2b17f9d1f1c1f655e833983c766403e4ecd4795449cf7b69

Identifiers

Amazon.Lambda.APIGatewayEvents.dll

Description:

Amazon.Lambda.APIGatewayEvents

Lambda event interfaces for API Gateway event source.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.APIGatewayEvents.dll
MD5: b6ca3641f0c25773bac593a06a0fb9e3
SHA1: 95a763997227a26c7220d5ce12590f9c91cc2161
SHA256:3c570cbb4ae78b5882cbe5472fcc3c97c59e59d367d73d44908102df4671b234

Identifiers

Amazon.Lambda.APIGatewayEvents:2.4.0

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

Amazon.Lambda.CloudWatchEvents.dll

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.CloudWatchEvents.dll
MD5: 95bcaf057baddd5713bcc10d17a73d5d
SHA1: bed28cd81de9b98d42c2bdf68a69aab61c5c26f7
SHA256:5f79fb4e79167c31d73b9bf1cff5f1b3241f9162e1aa889a76cccbe951f22b77

Identifiers

Amazon.Lambda.Core.dll

Description:

Amazon.Lambda.Core

Core interfaces for Lambda.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.Core.dll
MD5: e3ff649709a36002a8caeba1c2b6a63c
SHA1: 8a0d532bd5dd292dd8b5572c81a0af48a30cd5ce
SHA256:d3fd1d761d03288299dfb5bc5fbb9650c360e815176828704ed683d056ffa249

Identifiers

Amazon.Lambda.Core:2.1.0

File Path: D:\Auropayrepos\AWSInfra\src\RoleAccessHandler\RoleAccessHandler.csproj

Identifiers

Amazon.Lambda.KinesisAnalyticsEvents.dll

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.KinesisAnalyticsEvents.dll
MD5: 8f07da2c44d07e00ffd18617185a44a6
SHA1: a3ee958d7b47e88ab6ae0574f37e6fa6e953999a
SHA256:239691d2dfbae3d58ea3c9b8c2f5b396b4f25651c36daa79099a9cf6e8c9c427

Identifiers

Amazon.Lambda.KinesisFirehoseEvents.dll

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.KinesisFirehoseEvents.dll
MD5: d82690e43781e417b29ff66f8b5ef4d0
SHA1: 4c1f6bba718b21df0b04b4bd67cbbc83dd2d2221
SHA256:179e5a4529400afdc968f507b8431d5231517a83152a3c0ad4eaf90b2a9cfc54

Identifiers

Amazon.Lambda.LexEvents.dll

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.LexEvents.dll
MD5: b89322ea82ad62547d97a46dd9dc14b6
SHA1: db339961be56761b0e8a506e3c14fcd50b9e1e54
SHA256:96936afa0b68936a44785528b270f1e7f65967af7707d61d144fccf91cf6f35a

Identifiers

Amazon.Lambda.S3Events.dll

Description:

Amazon.Lambda.S3Events

Lambda event interfaces for S3 event source.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.S3Events.dll
MD5: 5ef1a162e3b5f0c31e8d4580f4624790
SHA1: 688edb3da7fbf8812e6fd5a819c52eb8fdb5bb49
SHA256:8271ee68778721ea61b439e5440a81a2863edfabdcb2c9c1778a9b8b86969fdd

Identifiers

Amazon.Lambda.S3Events:2.0.1

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Amazon.Lambda.SNSEvents:2.0.0

File Path: D:\Auropayrepos\AWSInfra\src\RoleAccessHandler\RoleAccessHandler.csproj

Identifiers

Amazon.Lambda.Serialization.Json.dll

Description:

Amazon.Lambda.Serialization.Json

Default serializer implementation for Lambda event sources.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Amazon.Lambda.Serialization.Json.dll
MD5: c030d6816810c3ea7b0fce93a9602136
SHA1: a17096f807250780cf8bdfd223aabb41deb25dfc
SHA256:159dce66dc379ab3b45aaf95b07c1398fef023d1d57b9d76b28b86916bdac66d

Identifiers

Amazon.Lambda.Serialization.Json:2.0.0

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Amazon.Lambda.Serialization.Json:2.1.0

File Path: D:\Auropayrepos\AWSInfra\src\RoleAccessHandler\RoleAccessHandler.csproj

Identifiers

Authorizer.csproj

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj
MD5: 3c9d5570d5068fad425e6f0d50ca1ce1
SHA1: c542a44aa6996dc29ab5635b185342aa7ab1d117
SHA256:502c4c0f8ee9f47bc29a08de194c44983a5c20f4bbbebfce0ab17f454ddc0ef9

Identifiers

  • None

Authorizer.dll

Description:

Authorizer

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\bin\Debug\net6.0\Authorizer.dll
MD5: 5823d412d186ce175b0380457efe6280
SHA1: 9753d7430c99d18bbd8cbbea7600db39e8d48197
SHA256:9b37cdb3cecb6b793a722cdb14bde0c373b62211aefe0a0eb571e14e7456886a

Identifiers

AwsParameterStore.Microsoft.Extensions.Configuration:0.7.0

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

GatewayUnifier.csproj

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj
MD5: c8ed4978b06e70902f5986c4001a91a0
SHA1: f9dcc1254279fdc86db6d1aeda121323b7f24ec0
SHA256:ed23e1724eb2c6615d757764fa5c8e1d98dcbdd6a4360b70d261ee334bd488ec

Identifiers

  • None

GatewayUnifier.dll

Description:

GatewayUnifier

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\bin\Debug\net6.0\GatewayUnifier.dll
MD5: 34fbf9bcca4711fa8e459bb68a3724f6
SHA1: 4e3622b9946dc43ddba2707bba34082f5cfeb288
SHA256:0bfa246201f710036203a2b081bd3937f8cf856fe328d7a2ebfc0e2dcb1580d7

Identifiers

Hashids.net:1.3.0

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

Lumigo.DotNET.Instrumentation.dll

Description:

Lumigo.DotNET.Instrumentation

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Lumigo.DotNET.Instrumentation.dll
MD5: e4d82c66569f9018e8eb35f07a0853b9
SHA1: 06f2aee4ed03a9563fdf119cba3e371969a62b8b
SHA256:a0b49a18bcf417aeaeb2defd55858916a36f6e20c638901cacc734c8e2dee67c

Identifiers

Lumigo.DotNET.Parser.dll

Description:

Lumigo.DotNET.Parser

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Lumigo.DotNET.Parser.dll
MD5: 8f73799c54f37cfe9242d24a8cadb19e
SHA1: 4b678ea57bb25a3ab189116083d5bb8ab6ec0ddc
SHA256:953362896d4482d14e3e3f1c16f9e8804a07be70001057b6fb1995f9b866be80

Identifiers

Lumigo.DotNET.Utilities.dll

Description:

Lumigo.DotNET.Utilities

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Lumigo.DotNET.Utilities.dll
MD5: 57723ebe4b524e97b1a8eef9b434f7ac
SHA1: 5f5c55f891b979890f606721a65fb020a516ba3b
SHA256:ec83d49a5d94ef4e3bbae004b57fd22e19a534b3b0612a397970b86f29279955

Identifiers

Lumigo.DotNET.dll

Description:

Lumigo.DotNET

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Lumigo.DotNET.dll
MD5: 8dd28f78db0d271e52f6cb3995d610a4
SHA1: 7ca292cce2dd9301347389ba601d36b42f4b4557
SHA256:d66a787d2600af189e4ec512afbaf39078cebbabdf619427b309bcc36f3ec106

Identifiers

MSTest.TestAdapter:1.2.0

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\RoleAccessHandler.Tests.csproj

Identifiers

MSTest.TestFramework:1.2.0

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\RoleAccessHandler.Tests.csproj

Identifiers

Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

CVE-2021-34532 (OSSINDEX)  

ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CWE-noinfo

CVSSv2:
  • Base Score: LOW (2.0999999046325684)
  • Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3:*:*:*:*:*:*:*

Microsoft.AspNetCore.Hosting.Server.Abstractions.dll

Description:

Microsoft.AspNetCore.Hosting.Server.Abstractions

ASP.NET Core hosting server abstractions for web applications.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.AspNetCore.Hosting.Server.Abstractions.dll
MD5: 191047a4897093d8750268ba063784bd
SHA1: 704f5cb461f1065eabfa9c99e937cc54329ec52f
SHA256:2aa879f203ea973722e1e8c862baaae6bc165f8b70ac24918873af3aa20c906d

Identifiers

Microsoft.DotNet.PlatformAbstractions.dll

Description:

Abstractions for making code that uses file system and environment testable.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.DotNet.PlatformAbstractions.dll
MD5: a69ee0c1195620088b4efb1e8c9dca3d
SHA1: cede41194639465753550adecbecf32e85e582c7
SHA256:359451c3e3be25f7c383713787d1a3e762579c648bbce8e37b5010c0622f9681

Identifiers

Microsoft.Extensions.Configuration.Abstractions.dll

Description:

Microsoft.Extensions.Configuration.Abstractions

Abstractions of key-value pair based configuration.
Commonly used types:
Microsoft.Extensions.Configuration.IConfiguration
Microsoft.Extensions.Configuration.IConfigurationBuilder
Microsoft.Extensions.Configuration.IConfigurationProvider
Microsoft.Extensions.Configuration.IConfigurationRoot
Microsoft.Extensions.Configuration.IConfigurationSection

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Abstractions.dll
MD5: 14c18e6c36cb41e8d1c41d2fb24e37c2
SHA1: 930cf1ec8595b039a2965c32ff9af1417c449c45
SHA256:8c03521ccc135409922f562257d38ecaf98bf9fff1a9890c8c534a9475dbd28d

Identifiers

Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Microsoft.Extensions.Configuration.Json:6.0.0

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Microsoft.Extensions.Configuration:6.0.1

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Description:

Microsoft.Extensions.DependencyInjection.Abstractions

Abstractions for dependency injection.
Commonly used types:
Microsoft.Extensions.DependencyInjection.IServiceCollection

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll
MD5: 6f3cca084046a16c91f64953bd6ae66c
SHA1: 70ed8ee6630e547125267dfb19fd2b14a0875ea6
SHA256:e51f1960c60e65c1e28869f5a296896803f24346580d49bdcadfe63ba46499ae

Identifiers

Microsoft.Extensions.DependencyInjection.dll

Description:

Microsoft.Extensions.DependencyInjection

Default implementation of dependency injection for Microsoft.Extensions.DependencyInjection.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.dll
MD5: 432c3bdf19dfa3d6440e8f1454e68e2e
SHA1: c0165e641b968dc5eb6bce4dee373f2efb4193fd
SHA256:afff3a4d7da699563786c8d0b0085b5a51b09e074d4e099ecc838fca37faf8b9

Identifiers

Microsoft.Extensions.DependencyInjection:6.0.1

File Path: D:\Auropayrepos\AWSInfra\src\Authorizer\Authorizer.csproj

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Abstractions for reading `.deps` files.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.DependencyModel.dll
MD5: 13f8831d108ed271d068990df780dac7
SHA1: 8ea6b66104aff050ecaf5be489caee177987f56b
SHA256:7577357b33958c973cc296030ca19a06914100dc320fa1c7e985b06dfbec8df3

Identifiers

Microsoft.Extensions.FileProviders.Abstractions.dll

Description:

Microsoft.Extensions.FileProviders.Abstractions

Abstractions of files and directories.
Commonly used types:
Microsoft.Extensions.FileProviders.IDirectoryContents
Microsoft.Extensions.FileProviders.IFileInfo
Microsoft.Extensions.FileProviders.IFileProvider

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.FileProviders.Abstractions.dll
MD5: 25394afea2d4cb8f8d77e4c916bbc89b
SHA1: 0c66003e39b6f6f279041d0b02a53b42f10a8f9d
SHA256:5a6116fd240c281159ea2064083edde1b7e12287da3943a8cf94da2344af9685

Identifiers

Microsoft.Extensions.Hosting.Abstractions.dll

Description:

Microsoft.Extensions.Hosting.Abstractions

.NET Core hosting and startup abstractions for applications.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.Hosting.Abstractions.dll
MD5: 11fd3e7f5dcb45e347e70b4e94db2a00
SHA1: 075ae0367fd7707fa2a35aba38089f119ef20b24
SHA256:71b4f978afcce58ae5ca51e9c1b6c4c7c54b42f8ebe7fc69be72854e51fa7ba6

Identifiers

Microsoft.Extensions.Logging.Abstractions.dll

Description:

Microsoft.Extensions.Logging.Abstractions

Logging abstractions for Microsoft.Extensions.Logging.
Commonly used types:
Microsoft.Extensions.Logging.ILogger
Microsoft.Extensions.Logging.ILoggerFactory
Microsoft.Extensions.Logging.ILogger<TCategoryName>
Microsoft.Extensions.Logging.LogLevel
Microsoft.Extensions.Logging.Logger<T>
Microsoft.Extensions.Logging.LoggerMessage
Microsoft.Extensions.Logging.Abstractions.NullLogger

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.Logging.Abstractions.dll
MD5: 7e5a955a4ca2820c81ecfeb297a2be2c
SHA1: 6e0b5eece834578b2ea108ebc3ed54cedf011e72
SHA256:b02305fd63abc381469621c201dcddcd3753e9318ebeced07f97d85d35eb4766

Identifiers

Microsoft.Extensions.Logging.Console:6.0.0

File Path: D:\Auropayrepos\AWSInfra\src\GatewayUnifier\GatewayUnifier.csproj

Identifiers

Microsoft.Extensions.Options.dll

Description:

Microsoft.Extensions.Options

Provides a strongly typed way of specifying and accessing settings using dependency injection.

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.Options.dll
MD5: bac3f89e16527db0a946245ad4a9f6b7
SHA1: 59e72f7cdcda5807ff710389ee4a5ac5f6231373
SHA256:63282f3f43a095ba95b6e8f691742667ec79f04055177c43ec6980cee353c93c

Identifiers

Microsoft.Extensions.Primitives.dll

Description:

Microsoft.Extensions.Primitives

Primitives shared by framework extensions. Commonly used types include:
Microsoft.Extensions.Primitives.IChangeToken
Microsoft.Extensions.Primitives.StringValues
Microsoft.Extensions.Primitives.StringSegment

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.Extensions.Primitives.dll
MD5: b5c71bed0a0cc2db2aa02445a4afa774
SHA1: b6606f6beb39a2f1645e20996307c21db1c569fa
SHA256:e0e19377694a527c7bf905cf574e96fb6fd1f5676771d5f7f9fe2d8510ebfd60

Identifiers

Microsoft.NET.Test.Sdk:15.5.0

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\RoleAccessHandler.Tests.csproj

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.TestPlatform.CrossPlatEngine.dll
MD5: f4eedc1c75b69c0d0d9e80ed757c43b0
SHA1: 8cce74986da289f36b5f5ba64c12703e25945df2
SHA256:05ff637d5a3508f5f379c2735facff65a88dd25a4912207c5cb02de23259dfac

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.resources.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\cs\Microsoft.TestPlatform.CrossPlatEngine.resources.dll
MD5: bf13ccd4e04ef31316ca03e3021d433d
SHA1: ab21ea3dcbf9ba2c6a3b822dd0be3be60345064e
SHA256:ce0540e1483437963f00b27cf76cbc24acffbab8a28aa33e48cd6be38aab9800

Identifiers

Microsoft.VisualStudio.CodeCoverage.Shim.dll

Description:

Microsoft.VisualStudio.CodeCoverage.Shim.dll

Microsoft.VisualStudio.CodeCoverage.Shim.dll

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.CodeCoverage.Shim.dll
MD5: 18abc24fbcd39e398b03e6ec0dac1d15
SHA1: 5232d8f57f098056bed6ef39e927c91f3dd68011
SHA256:d7cdd2d3e02ada6de7b99d6795bea37020a3040c1232f253e6fd5785346250c0

Identifiers

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll

Description:

PlatformServices.Interface

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll
MD5: 2b3ec335ca319194f5d3a659fce6cd04
SHA1: eb0a5b0c79885fd3055909824a6da1564aa6dd6f
SHA256:a4d7473b9b42ed3b0a5eac2de952d4e89f7080a56c0e75c6c6f6a749cae05ae5

Identifiers

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll

Description:

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices

Package Description

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll
MD5: 3f8bca30b8e4e6079109d7e138695c95
SHA1: fb51b4f214bcba19b3257ab9346b7688944d2f5f
SHA256:f9869df4ad60ed2a8a51c05d313d07d9152ec3f9811b65765e445ff10a04869c

Identifiers

Microsoft.VisualStudio.TestPlatform.TestFramework.dll

Description:

MSTest.Core

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.TestFramework.dll
MD5: 53765f54dddb420f56bc359741f2bb27
SHA1: 68fc3add8c5913b6c3b5f8174ad6216c4ec7ab91
SHA256:543ebd29a2cebba43b84b32e7c9403fd0dea13cc324c92b8b9b5f3ad987984d4

Identifiers

Newtonsoft.Json.dll

Description:

Json.NET .NET Standard 2.0

Json.NET is a popular high-performance JSON framework for .NET

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\Newtonsoft.Json.dll
MD5: 916d32b899f1bc23b209648d007b99fd
SHA1: e3673d05d46f29e68241d4536bddf18cdd0a913d
SHA256:72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661

Identifiers

RoleAccessHandler.Tests.csproj

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\RoleAccessHandler.Tests.csproj
MD5: d7bb32067c1fba1fc05d99cf2868e886
SHA1: d850d3ace6ad50776ff0a6da8b6be9b4e1f06331
SHA256:9c81b9f8b6d4512563f5d1188de7b7ea292e247443450623982fa714684d1ce2

Identifiers

  • None

RoleAccessHandler.Tests.dll

Description:

RoleAccessHandler.Tests

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\RoleAccessHandler.Tests.dll
MD5: 83e5dbb87af8c7949c0e44f0c86e96c5
SHA1: b9dc67087058d69418cf3177173451ed394937ed
SHA256:9f607bd605dab9771d1f93b6acf866cc2d1267bf954ec1c785207d26c95350d5

Identifiers

RoleAccessHandler.csproj

File Path: D:\Auropayrepos\AWSInfra\src\RoleAccessHandler\RoleAccessHandler.csproj
MD5: 7a7f9364e685e5a8617f745c099c04f0
SHA1: 6fcb8469f1e72abd928df0df8e96ad300110b876
SHA256:a70e50631070ba99693608d7461ac2f7076e037438c47fa7310b9df6b68dc2df

Identifiers

  • None

RoleAccessHandler.dll

Description:

RoleAccessHandler

File Path: D:\Auropayrepos\AWSInfra\src\RoleAccessHandler\bin\Debug\net6.0\RoleAccessHandler.dll
MD5: 6b116d371eb29ae206b64468d8fea528
SHA1: 90e7dcb0ddc2001f412ca1539446865e1df81ae8
SHA256:6832c78a29760a8ac1ebe93e6efd105443f98adb5a5bdb403eecbf780105cfdd

Identifiers

SonarScanner.MSBuild.Common.dll

Description:

SonarScanner.MSBuild.Common

File Path: D:\Auropayrepos\AWSInfra\.sonarqube\bin\SonarScanner.MSBuild.Common.dll
MD5: 638176ed2b26d5dc9bb235369e64ee47
SHA1: fdfa15ce9bc7db4e31fbae1110dd3e93748ba081
SHA256:59411967838149b3ef121cb6f51faf2cb59ac58e6d1a3fd4061d7cfcddade25b

Identifiers

SonarScanner.MSBuild.Tasks.dll

Description:

SonarScanner.MSBuild.Tasks

File Path: D:\Auropayrepos\AWSInfra\.sonarqube\bin\SonarScanner.MSBuild.Tasks.dll
MD5: a1e7ea5f4cee21609b26391b88408ee0
SHA1: 3b5b7c413b9086a1c8fcdba384642da437b96600
SHA256:2024b5c55140da0bb83378fc218e4f48f48e26b49000eb26435e7cf4e2cdd919

Identifiers

CVE-2020-22475  

"Tasks" application version before 9.7.3 is affected by insecure permissions. The VoiceCommandActivity application component allows arbitrary applications on a device to add tasks with no restrictions.
CWE-276 Incorrect Default Permissions

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:0.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2022-39349  

The Tasks.org Android app is an open-source app for to-do lists and reminders. The Tasks.org app uses the activity `ShareLinkActivity.kt` to handle "share" intents coming from other components in the same device and convert them to tasks. Those intents may contain arbitrary file paths as attachments, in which case the files pointed by those paths are copied in the app's external storage directory. Prior to versions 12.7.1 and 13.0.1, those paths were not validated, allowing a malicious or compromised application in the same device to force Tasks.org to copy files from its internal storage to its external storage directory, where they became accessible to any component with permission to read the external storage. This vulnerability can lead to sensitive information disclosure. All information in the user's notes and the app's preferences, including the encrypted credentials of CalDav integrations if enabled, could be accessed by third party applications installed on the same device. This issue was fixed in versions 12.7.1 and 13.0.1. There are no known workarounds.
CWE-668 Exposure of Resource to Wrong Sphere, CWE-441 Unintended Proxy or Intermediary ('Confused Deputy')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions: (show all)

System.Security.Cryptography.Xml.dll

Description:

System.Security.Cryptography.Xml

System.Security.Cryptography.Xml

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\System.Security.Cryptography.Xml.dll
MD5: f94303ed2487aa66fae8a3c08ff8240c
SHA1: 5a95de9f2293e3b2438c061312aa298db5e9f0e5
SHA256:805a9fe21eb53635a6696ca5d319e5b13e399991e3c4e3f6084ce9b85a2c4ffb

Identifiers

System.Xml.XPath.XmlDocument.dll

Description:

System.Xml.XPath.XmlDocument

System.Xml.XPath.XmlDocument

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\System.Xml.XPath.XmlDocument.dll
MD5: 176e9b8e9b622a51e5b3db8d0fac6eea
SHA1: 5354245e852fdc31019f6496c1b7cae056b471ff
SHA256:f95c1bd1cf19ef02b788a3473ccc64716d26504d98831ddcb240f1d913a3eef3

Identifiers

aws-sdk:2.266.1

File Path: D:\Auropayrepos\AWSInfra\src\OperationsFromSwagger\package-lock.json?aws-sdk

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

CVE-2020-28472 (OSSINDEX)  

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.800000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:aws-sdk:2.266.1:*:*:*:*:*:*:*

GHSA-rrc9-gqf8-8rwg (NPM)  

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: HIGH (7.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:aws-sdk:\<2.814.0:*:*:*:*:*:*:*

aws-sdk:2.269.1

File Path: D:\Auropayrepos\AWSInfra\src\CodePipelineDeployAPI\package-lock.json?aws-sdk

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

CVE-2020-28472 (OSSINDEX)  

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.800000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:aws-sdk:2.269.1:*:*:*:*:*:*:*

GHSA-rrc9-gqf8-8rwg (NPM)  

This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: HIGH (7.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:aws-sdk:\<2.814.0:*:*:*:*:*:*:*

index.js

File Path: D:\Auropayrepos\AWSInfra\src\CodePipelineDeployAPI\index.js
MD5: 0f874398d50a23bb10b04e8c1d7023ce
SHA1: 9fef84b78fe7ef80c06b004634ea0bbe1b800c2e
SHA256:f996cb726d4e28a5280b18880cdc88c807bafebbe34cef19a0b6a41db8fc76cf

Identifiers

  • None

index.js

File Path: D:\Auropayrepos\AWSInfra\src\LambdaWarmer\index.js
MD5: 01cd207b2ee8e67e41a7127f93d17977
SHA1: 13dcd3447f984b04305c9e187557df51df2614fd
SHA256:e06e3fa59cc4ae2a70616468956d6a29ef19204ae3888f4beadc64190fff2f0f

Identifiers

  • None

index.js

File Path: D:\Auropayrepos\AWSInfra\src\OperationsFromSwagger\index.js
MD5: 91a68b5fbcb3539f0b19ae7892d2b033
SHA1: a6e179116f5d769a141ebcbaa44701a605db5e31
SHA256:7e169ccfa22f17c3e0f72dfd928e81fc451864f2458d9293d1189e78b27b6f32

Identifiers

  • None

index.js

File Path: D:\Auropayrepos\AWSInfra\src\SwaggerMerger\index.js
MD5: c67f9792f1c21595837afaecee087f43
SHA1: 805689aa286c89c86f4db58d0c896f665b8ab343
SHA256:74e71b0b25633d96f33792ead8aad2f2789952b83978e34f545a2fb1652ad2a6

Identifiers

  • None

jszip:3.1.5

File Path: D:\Auropayrepos\AWSInfra\src\CodePipelineDeployAPI\package-lock.json?jszip

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

CVE-2022-48285 (OSSINDEX)  

jszip - Arbitrary File Write via Archive Extraction (Zip Slip)

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '..filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
CWE-29 Path Traversal: '\..\filename'

CVSSv3:
  • Base Score: HIGH (8.199999809265137)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:jszip:3.1.5:*:*:*:*:*:*:*

GHSA-36fh-84j7-cv5h (NPM)  

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:jszip:\<3.8.0:*:*:*:*:*:*:*

CVE-2021-23413 (OSSINDEX)  

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-23413 for details
CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:jszip:3.1.5:*:*:*:*:*:*:*

GHSA-jg8v-48h5-wgxg (NPM)  

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g `__proto__`, `toString`, etc) results in a returned object with a modified prototype instance.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:jszip:\>\=3.0.0\<3.7.0:*:*:*:*:*:*:*

lodash:4.17.10

File Path: D:\Auropayrepos\AWSInfra\src\OperationsFromSwagger\package-lock.json?lodash

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

CVE-2019-10744 (OSSINDEX)  

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: CRITICAL (9.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:lodash:4.17.10:*:*:*:*:*:*:*

GHSA-jf85-cpcp-j695 (NPM)  

Versions of `lodash` before 4.17.12 are vulnerable to Prototype Pollution.  The function `defaultsDeep` allows a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.

## Recommendation

Update to version 4.17.12 or later.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Unscored:
  • Severity: critical

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\<4.17.12:*:*:*:*:*:*:*

CVE-2020-8203 (OSSINDEX)  

lodash - Prototype Pollution [ CVE-2020-8203 ] 

The software does not properly protect an assumed-immutable element from being modified by an attacker.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-8203 for details
CWE-471 Modification of Assumed-Immutable Data (MAID)

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:lodash:4.17.10:*:*:*:*:*:*:*

GHSA-p6mc-m468-83gw (NPM)  

Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The functions `pick`, `set`, `setWith`, `update`, `updateWith`, and `zipObjectDeep` allow a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires manipulating objects based on user-provided property values or arrays.

This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.400000095367432)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\>\=3.7.0\<4.17.19:*:*:*:*:*:*:*

CVE-2021-23337 (OSSINDEX)  

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: HIGH (7.199999809265137)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:lodash:4.17.10:*:*:*:*:*:*:*

GHSA-35jh-r3h4-6jhm (NPM)  

`lodash` versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: HIGH (7.199999809265137)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\<4.17.21:*:*:*:*:*:*:*

GHSA-4xc9-xhrj-v574 (NPM)  

Versions of `lodash` before 4.17.11 are vulnerable to prototype pollution. 

The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of `Object` via `{constructor: {prototype: {...}}}` causing the addition or modification of an existing property that will exist on all objects.




## Recommendation

Update to version 4.17.11 or later.
CWE-400 Uncontrolled Resource Consumption

Unscored:
  • Severity: high

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\<4.17.11:*:*:*:*:*:*:*

CVE-2018-16487 (OSSINDEX)  

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2018-16487 for details
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.599999904632568)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:lodash:4.17.10:*:*:*:*:*:*:*

CVE-2020-28500 (OSSINDEX)  

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-28500 for details
CWE-Other

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:lodash:4.17.10:*:*:*:*:*:*:*

GHSA-29mw-wpgm-hmr9 (NPM)  

All versions of package lodash prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the `toNumber`, `trim` and `trimEnd` functions. 

Steps to reproduce (provided by reporter Liyuan Chen):
```js
var lo = require('lodash');

function build_blank(n) {
    var ret = "1"
    for (var i = 0; i < n; i++) {
        ret += " "
    }
    return ret + "1";
}
var s = build_blank(50000) var time0 = Date.now();
lo.trim(s) 
var time_cost0 = Date.now() - time0;
console.log("time_cost0: " + time_cost0);
var time1 = Date.now();
lo.toNumber(s) var time_cost1 = Date.now() - time1;
console.log("time_cost1: " + time_cost1);
var time2 = Date.now();
lo.trimEnd(s);
var time_cost2 = Date.now() - time2;
console.log("time_cost2: " + time_cost2);
```
CWE-400 Uncontrolled Resource Consumption, CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\<4.17.21:*:*:*:*:*:*:*

GHSA-x5rq-j2xg-h7qm (NPM)  

lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.
CWE-400 Uncontrolled Resource Consumption

Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:lodash:\<4.17.11:*:*:*:*:*:*:*

operation.js

File Path: D:\Auropayrepos\AWSInfra\src\OperationsFromSwagger\operation.js
MD5: 95c8fb197e15bb0495c03e81dd6c0464
SHA1: 6e153bcad269f6a0f29c3fd373dcd73c80418d52
SHA256:04f39048b2b0a3233da2764c4bb5d83e67bde89cef89ff145909b56077199fb4

Identifiers

  • None

swaggermerge.js

File Path: D:\Auropayrepos\AWSInfra\src\SwaggerMerger\swaggermerge.js
MD5: f34234ae4f4a7ebce2b16718ca6bff4c
SHA1: 4e5ee809867634cc77dd883ef95de468e0034c6c
SHA256:d95560bf965937ae13812bd6454a08d597c44a65168b81f86393e7b5baabe88a

Identifiers

  • None

testhost.dll

Description:

testhost

File Path: D:\Auropayrepos\AWSInfra\test\RoleAccessHandler.Tests\bin\Debug\net6.0\testhost.dll
MD5: 9e3b6c0c1c6083115518638435fdea07
SHA1: ef741eb8c0398698da9965f359d71938b283feec
SHA256:4b9404bb74615f941216aa0840deaa331d83839c325c452eee6fef11a31c08a8

Identifiers

xml2js:0.4.17

File Path: D:\Auropayrepos\AWSInfra\src\OperationsFromSwagger\package-lock.json?xml2js

Referenced In Project/Scope: package-lock.json: transitive

Identifiers

CVE-2023-0842 (OSSINDEX)  

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-0842 for details
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:xml2js:0.4.17:*:*:*:*:*:*:*

GHSA-776f-qx25-q3cc (NPM)  

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the `__proto__` property to be edited.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Unscored:
  • Severity: moderate

References:

Vulnerable Software & Versions (NPM):

  • cpe:2.3:a:*:xml2js:\<0.5.0:*:*:*:*:*:*:*



This report contains data retrieved from the National Vulnerability Database.
This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
This report may contain data retrieved from RetireJS.
This report may contain data retrieved from the Sonatype OSS Index.