Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: Testing

Analysis Exceptions


Summary

Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count
APF.Core3.1.API:6.0.0.*pkg:nuget/APF.Core3.1.API@6.0.0.%2A 08
APF.Core3.1.AWS:6.0.0.*pkg:nuget/APF.Core3.1.AWS@6.0.0.%2A 08
APF.Core3.1:6.0.0.*pkg:nuget/APF.Core3.1@6.0.0.%2A 08
AWSSDK.CloudWatch.dllcpe:2.3:a:web_project:web:3.7.2.10:*:*:*:*:*:*:*pkg:generic/AWSSDK.CloudWatch@3.7.2.10 0Low13
AWSSDK.CloudWatchEvents.dllpkg:generic/AWSSDK.CloudWatchEvents@3.7.3.21 013
AWSSDK.CloudWatchLogs.dllcpe:2.3:a:web_project:web:3.7.1.29:*:*:*:*:*:*:*pkg:generic/AWSSDK.CloudWatchLogs@3.7.1.29 0Low13
AWSSDK.CognitoIdentity.dllcpe:2.3:a:web_project:web:3.7.0.2:*:*:*:*:*:*:*pkg:generic/AWSSDK.CognitoIdentity@3.7.0.2 0Low13
AWSSDK.CognitoIdentityProvider.dllcpe:2.3:a:web_project:web:3.7.1.26:*:*:*:*:*:*:*pkg:generic/AWSSDK.CognitoIdentityProvider@3.7.1.26 0Low13
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.7.100.22:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.7.100.22 0Low21
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.3.105.1:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.3.105.1 0Low15
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.3.27.3:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.3.27.3 0Low15
AWSSDK.Core.dllcpe:2.3:a:web_project:web:3.3.30.2:*:*:*:*:*:*:*pkg:generic/AWSSDK.Core@3.3.30.2 0Low15
AWSSDK.DynamoDBv2.dllcpe:2.3:a:web_project:web:3.3.10.3:*:*:*:*:*:*:*pkg:generic/AWSSDK.DynamoDBv2@3.3.10.3 0Low15
AWSSDK.Extensions.NETCore.Setup.dllpkg:generic/AWSSDK.Extensions.NETCore.Setup@3.7.1 013
AWSSDK.Extensions.NETCore.Setup.dllpkg:generic/AWSSDK.Extensions.NETCore.Setup@3.3.100.0 013
AWSSDK.Extensions.NETCore.Setup:3.3.100.1pkg:nuget/AWSSDK.Extensions.NETCore.Setup@3.3.100.1 08
AWSSDK.Extensions.NETCore.Setup:3.7.2pkg:nuget/AWSSDK.Extensions.NETCore.Setup@3.7.2 08
AWSSDK.KeyManagementService.dllcpe:2.3:a:service_project:service:3.7.100.22:*:*:*:*:*:*:*pkg:generic/AWSSDK.KeyManagementService@3.7.100.22 0Low13
AWSSDK.KeyManagementService.dllcpe:2.3:a:service_project:service:3.3.5.10:*:*:*:*:*:*:*pkg:generic/AWSSDK.KeyManagementService@3.3.5.10 0Low13
AWSSDK.Kinesis.dllcpe:2.3:a:web_project:web:3.7.0.0:*:*:*:*:*:*:*pkg:generic/AWSSDK.Kinesis@3.7.0.0 0Low13
AWSSDK.Lambda.dllcpe:2.3:a:amazon:aws_lambda:3.7.101.2:*:*:*:*:*:*:*pkg:generic/AWSSDK.Lambda@3.7.101.2 0Low13
AWSSDK.Lambda.dllcpe:2.3:a:amazon:aws_lambda:3.3.15.1:*:*:*:*:*:*:*pkg:generic/AWSSDK.Lambda@3.3.15.1 0Low13
AWSSDK.RDS.dllcpe:2.3:a:web_project:web:3.7.104.3:*:*:*:*:*:*:*pkg:generic/AWSSDK.RDS@3.7.104.3 0Low19
AWSSDK.RDS.dllcpe:2.3:a:web_project:web:3.3.37.7:*:*:*:*:*:*:*pkg:generic/AWSSDK.RDS@3.3.37.7 0Low13
AWSSDK.S3.dllpkg:generic/AWSSDK.S3@3.7.9.23 021
AWSSDK.S3.dllpkg:generic/AWSSDK.S3@3.3.110.38 015
AWSSDK.SQS.dllcpe:2.3:a:web_project:web:3.7.0.55:*:*:*:*:*:*:*pkg:generic/AWSSDK.SQS@3.7.0.55 0Low13
AWSSDK.SecurityToken.dllpkg:generic/AWSSDK.SecurityToken@3.7.0.2 013
AWSSDK.SimpleNotificationService.dllcpe:2.3:a:service_project:service:3.3.1.4:*:*:*:*:*:*:*pkg:generic/AWSSDK.SimpleNotificationService@3.3.1.4 0Low13
AWSSDK.SimpleSystemsManagement.dllpkg:generic/AWSSDK.SimpleSystemsManagement@3.7.20.6 013
AWSSDK.SimpleSystemsManagement.dllpkg:generic/AWSSDK.SimpleSystemsManagement@3.3.34.0 013
Amazon.AspNetCore.DataProtection.SSM.dllcpe:2.3:a:asp-project:asp-project:2.1.0:*:*:*:*:*:*:*pkg:generic/Amazon.AspNetCore.DataProtection.SSM@2.1.0 0Low16
Amazon.Lambda.APIGatewayEvents.dllcpe:2.3:a:web_project:web:1.2.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.APIGatewayEvents@1.2.0.0 0Low15
Amazon.Lambda.APIGatewayEvents.dllcpe:2.3:a:web_project:web:1.1.3.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.APIGatewayEvents@1.1.3.0 0Low15
Amazon.Lambda.APIGatewayEvents:2.3.0pkg:nuget/Amazon.Lambda.APIGatewayEvents@2.3.0 08
Amazon.Lambda.ApplicationLoadBalancerEvents.dllpkg:generic/Amazon.Lambda.ApplicationLoadBalancerEvents@0.0.0.0 09
Amazon.Lambda.AspNetCoreServer.dllcpe:2.3:a:asp-project:asp-project:2.0.4:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.AspNetCoreServer@2.0.4 0Low15
Amazon.Lambda.AspNetCoreServer:6.1.0cpe:2.3:a:asp-project:asp-project:6.1.0:*:*:*:*:*:*:*pkg:nuget/Amazon.Lambda.AspNetCoreServer@6.1.0 0Low8
Amazon.Lambda.CloudWatchEvents.dllpkg:generic/Amazon.Lambda.CloudWatchEvents@0.0.0.0 09
Amazon.Lambda.Core.dllcpe:2.3:a:web_project:web:1.0.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.Core@1.0.0.0 0Low15
Amazon.Lambda.Core:2.1.0pkg:nuget/Amazon.Lambda.Core@2.1.0 08
Amazon.Lambda.KinesisAnalyticsEvents.dllpkg:generic/Amazon.Lambda.KinesisAnalyticsEvents@0.0.0.0 09
Amazon.Lambda.KinesisFirehoseEvents.dllpkg:generic/Amazon.Lambda.KinesisFirehoseEvents@0.0.0.0 09
Amazon.Lambda.LexEvents.dllpkg:generic/Amazon.Lambda.LexEvents@0.0.0.0 09
Amazon.Lambda.Logging.AspNetCore.dllcpe:2.3:a:asp-project:asp-project:2.0.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.Logging.AspNetCore@2.0.0.0 0Low15
Amazon.Lambda.S3Events.dllpkg:generic/Amazon.Lambda.S3Events@1.0.0.0 015
Amazon.Lambda.SNSEvents.dllcpe:2.3:a:web_project:web:1.0.0:*:*:*:*:*:*:*pkg:generic/Amazon.Lambda.SNSEvents@1.0.0 0Low16
Amazon.Lambda.SNSEvents:2.0.0pkg:nuget/Amazon.Lambda.SNSEvents@2.0.0 08
Amazon.Lambda.Serialization.Json.dllpkg:generic/Amazon.Lambda.Serialization.Json@1.2.0 017
Amazon.Lambda.Serialization.Json:2.1.0pkg:nuget/Amazon.Lambda.Serialization.Json@2.1.0 08
Amazon.Lambda.Serialization.SystemTextJson.dllpkg:generic/Amazon.Lambda.Serialization.SystemTextJson@0.0.0.0 09
Amazon.Lambda.TestUtilities.dllpkg:generic/Amazon.Lambda.TestUtilities@1.0.0 014
Amazon.Lambda.TestUtilities.dllpkg:generic/Amazon.Lambda.TestUtilities@1.0.0.0 013
AutoMapper.Extensions.Microsoft.DependencyInjection.dllpkg:generic/AutoMapper.Extensions.Microsoft.DependencyInjection@7.0.0 023
AutoMapper.dllpkg:generic/AutoMapper@9.0.0 015
AwsParameterStore.Microsoft.Extensions.Configuration.dllpkg:generic/AwsParameterStore.Microsoft.Extensions.Configuration@0.7.0 026
AwsParameterStore.Microsoft.Extensions.Configuration.dllpkg:generic/AwsParameterStore.Microsoft.Extensions.Configuration@0.5.0 016
Billing.API.Tests.csproj 02
Billing.API.Tests.dllpkg:generic/Billing.API.Tests@1.0.0 014
Billing.API.csproj 02
Billing.API.dllpkg:generic/Billing.API@1.0.0 016
Billing.API.exe 02
Billing.API.exe 02
Billing.Tests.csproj 02
Billing.Tests.dllpkg:generic/Billing.Tests@1.0.0 014
Billing.csproj 02
Billing.dllpkg:generic/Billing@1.0.0 014
BillingKeyRotationExecutor.Tests.csproj 02
BillingKeyRotationExecutor.Tests.dllpkg:generic/BillingKeyRotationExecutor.Tests@1.0.0 016
BillingKeyRotationExecutor.csproj 02
BillingKeyRotationExecutor.dllpkg:generic/BillingKeyRotationExecutor@1.0.0 016
BillingScheduleExecutor.Tests.csproj 02
BillingScheduleExecutor.Tests.dllpkg:generic/BillingScheduleExecutor.Tests@1.0.0 016
BillingScheduleExecutor.csproj 02
BillingScheduleExecutor.dllpkg:generic/BillingScheduleExecutor@1.0.0 016
Castle.Core.dllpkg:generic/Castle.Core@4.2.1 017
FeeSwagger.js 00
Flee:1.2.1pkg:nuget/Flee@1.2.1 04
FluentValidation.AspNetCore.dllcpe:2.3:a:asp-project:asp-project:9.2.0:*:*:*:*:*:*:*pkg:generic/FluentValidation.AspNetCore@9.2.0 0Low15
FluentValidation.AspNetCore:11.3.0cpe:2.3:a:asp-project:asp-project:11.3.0:*:*:*:*:*:*:*pkg:nuget/FluentValidation.AspNetCore@11.3.0 0Low6
FluentValidation.DependencyInjectionExtensions.dllpkg:generic/FluentValidation.DependencyInjectionExtensions@9.2.0 015
FluentValidation.dllpkg:generic/FluentValidation@9.2.0 015
Hashids.net.dllpkg:generic/Hashids.net@1.6.1 020
Hashids.net.dllpkg:generic/Hashids.net@1.3.0 014
Humanizer.dllpkg:generic/Humanizer@2.8.26 015
InvoiceHandler.Tests.csproj 02
InvoiceHandler.csproj 02
InvoiceHandler.dllpkg:generic/InvoiceHandler@1.0.0 016
Lumigo.DotNET.Instrumentation.dllpkg:generic/Lumigo.DotNET.Instrumentation@1.0.0 016
Lumigo.DotNET.Parser.dllpkg:generic/Lumigo.DotNET.Parser@1.0.0 016
Lumigo.DotNET.Utilities.dllpkg:generic/Lumigo.DotNET.Utilities@1.0.0 016
Lumigo.DotNET.dllpkg:generic/Lumigo.DotNET@1.0.45 022
MSTest.TestAdapter:1.2.0pkg:nuget/MSTest.TestAdapter@1.2.0 06
MSTest.TestFramework:1.2.0pkg:nuget/MSTest.TestFramework@1.2.0 06
MerchantBillingConfigSwagger.js 00
Microsoft.AspNet.WebApi.Client:5.2.7cpe:2.3:a:asp-project:asp-project:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:web_project:web:5.2.7:*:*:*:*:*:*:*
pkg:nuget/Microsoft.AspNet.WebApi.Client@5.2.7 0Low8
Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3cpe:2.3:a:asp-project:asp-project:3.1.3:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.Authentication.JwtBearer@3.1.3LOW1Low8
Microsoft.AspNetCore.Http.Features.dllcpe:2.3:a:asp-project:asp-project:3.100.320.16314:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:3.100.320.16314:*:*:*:*:*:*:*
pkg:generic/Microsoft.AspNetCore.Http.Features@3.100.320.16314 0Low17
Microsoft.AspNetCore.JsonPatch.dllcpe:2.3:a:asp-project:asp-project:3.100.19.56601:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:3.100.19.56601:*:*:*:*:*:*:*
pkg:generic/Microsoft.AspNetCore.JsonPatch@3.100.19.56601 0Low15
Microsoft.AspNetCore.JsonPatch:3.1.0cpe:2.3:a:asp-project:asp-project:3.1.0:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.JsonPatch@3.1.0 0Low8
Microsoft.AspNetCore.TestHost.dllcpe:2.3:a:asp-project:asp-project:6.0.21.52608:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:6.0.21.52608:*:*:*:*:*:*:*
pkg:generic/Microsoft.AspNetCore.TestHost@6.0.21.52608 0Low15
Microsoft.AspNetCore.TestHost.dllcpe:2.3:a:asp-project:asp-project:3.100.320.16314:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_core:3.100.320.16314:*:*:*:*:*:*:*
pkg:generic/Microsoft.AspNetCore.TestHost@3.100.320.16314 0Low15
Microsoft.AspNetCore.TestHost:6.0.0cpe:2.3:a:asp-project:asp-project:6.0.0:*:*:*:*:*:*:*pkg:nuget/Microsoft.AspNetCore.TestHost@6.0.0 0Low8
Microsoft.Bcl.AsyncInterfaces.dllcpe:2.3:a:async_project:async:4.700.19.56404:*:*:*:*:*:*:*pkg:generic/Microsoft.Bcl.AsyncInterfaces@4.700.19.56404 0Low13
Microsoft.Bcl.HashCode.dllcpe:2.3:a:microsoft:.net_core:4.700.19.56404:*:*:*:*:*:*:*pkg:generic/Microsoft.Bcl.HashCode@4.700.19.56404 0Low13
Microsoft.DotNet.InternalAbstractions.dllpkg:generic/Microsoft.DotNet.InternalAbstractions@1.0.0 010
Microsoft.DotNet.PlatformAbstractions.dllpkg:generic/Microsoft.DotNet.PlatformAbstractions@1.0.1 09
Microsoft.DotNet.PlatformAbstractions.dllpkg:generic/Microsoft.DotNet.PlatformAbstractions@3.100.320.12801 015
Microsoft.EntityFrameworkCore.Abstractions.dllpkg:generic/Microsoft.EntityFrameworkCore.Abstractions@6.0.10 016
Microsoft.EntityFrameworkCore.Abstractions.dllpkg:generic/Microsoft.EntityFrameworkCore.Abstractions@3.100.320.12804 015
Microsoft.EntityFrameworkCore.Abstractions.dllpkg:generic/Microsoft.EntityFrameworkCore.Abstractions@6.0.11 016
Microsoft.EntityFrameworkCore.Design.dllpkg:generic/Microsoft.EntityFrameworkCore.Design@6.0.10 026
Microsoft.EntityFrameworkCore.Design.dllpkg:generic/Microsoft.EntityFrameworkCore.Design@3.100.320.12804 017
Microsoft.EntityFrameworkCore.Relational.dllpkg:generic/Microsoft.EntityFrameworkCore.Relational@6.0.10 024
Microsoft.EntityFrameworkCore.Relational.dllpkg:generic/Microsoft.EntityFrameworkCore.Relational@3.100.320.12804 015
Microsoft.EntityFrameworkCore.Relational.dllpkg:generic/Microsoft.EntityFrameworkCore.Relational@6.0.7 016
Microsoft.EntityFrameworkCore.Relational.dllpkg:generic/Microsoft.EntityFrameworkCore.Relational@6.0.11 016
Microsoft.EntityFrameworkCore.Relational:6.0.7.0pkg:nuget/Microsoft.EntityFrameworkCore.Relational@6.0.7.0 08
Microsoft.EntityFrameworkCore.Sqlite.dllcpe:2.3:a:sqlite:sqlite:6.0.11:*:*:*:*:*:*:*pkg:generic/Microsoft.EntityFrameworkCore.Sqlite@6.0.11 0Low24
Microsoft.EntityFrameworkCore.Sqlite.dllcpe:2.3:a:sqlite:sqlite:3.100.320.12804:*:*:*:*:*:*:*pkg:generic/Microsoft.EntityFrameworkCore.Sqlite@3.100.320.12804 0Low15
Microsoft.EntityFrameworkCore.dllpkg:generic/Microsoft.EntityFrameworkCore@6.0.10 022
Microsoft.EntityFrameworkCore.dllpkg:generic/Microsoft.EntityFrameworkCore@3.100.320.12804 015
Microsoft.EntityFrameworkCore.dllpkg:generic/Microsoft.EntityFrameworkCore@6.0.11 016
Microsoft.EntityFrameworkCore:6.0.10.0pkg:nuget/Microsoft.EntityFrameworkCore@6.0.10.0 06
Microsoft.Extensions.Caching.Abstractions.dllpkg:generic/Microsoft.Extensions.Caching.Abstractions@3.100.320.12802 017
Microsoft.Extensions.Caching.Abstractions.dllpkg:generic/Microsoft.Extensions.Caching.Abstractions@6.0.21.52210 017
Microsoft.Extensions.Caching.Memory.dllpkg:generic/Microsoft.Extensions.Caching.Memory@6.0.2 015
Microsoft.Extensions.Caching.Memory.dllpkg:generic/Microsoft.Extensions.Caching.Memory@3.100.320.12802 015
Microsoft.Extensions.Configuration.Abstractions.dllpkg:generic/Microsoft.Extensions.Configuration.Abstractions@3.100.320.12802 015
Microsoft.Extensions.Configuration.Abstractions.dllpkg:generic/Microsoft.Extensions.Configuration.Abstractions@6.0.21.52210 015
Microsoft.Extensions.Configuration.Binder.dllpkg:generic/Microsoft.Extensions.Configuration.Binder@3.100.320.12802 017
Microsoft.Extensions.Configuration.Binder.dllpkg:generic/Microsoft.Extensions.Configuration.Binder@6.0.21.52210 015
Microsoft.Extensions.Configuration.CommandLine.dllcpe:2.3:a:line:line:3.100.320.12802:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Configuration.CommandLine@3.100.320.12802MEDIUM1Low17
Microsoft.Extensions.Configuration.EnvironmentVariables.dllpkg:generic/Microsoft.Extensions.Configuration.EnvironmentVariables@6.0.2 017
Microsoft.Extensions.Configuration.EnvironmentVariables.dllpkg:generic/Microsoft.Extensions.Configuration.EnvironmentVariables@3.100.320.12802 017
Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1pkg:nuget/Microsoft.Extensions.Configuration.EnvironmentVariables@6.0.1 08
Microsoft.Extensions.Configuration.FileExtensions.dllpkg:generic/Microsoft.Extensions.Configuration.FileExtensions@3.100.320.12802 017
Microsoft.Extensions.Configuration.FileExtensions.dllpkg:generic/Microsoft.Extensions.Configuration.FileExtensions@6.0.21.52210 015
Microsoft.Extensions.Configuration.Json.dllpkg:generic/Microsoft.Extensions.Configuration.Json@3.100.320.12802 017
Microsoft.Extensions.Configuration.Json.dllpkg:generic/Microsoft.Extensions.Configuration.Json@6.0.21.52210 017
Microsoft.Extensions.Configuration.Json:6.0.0pkg:nuget/Microsoft.Extensions.Configuration.Json@6.0.0 08
Microsoft.Extensions.Configuration.UserSecrets.dllcpe:2.3:a:user_project:user:6.0.2:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Configuration.UserSecrets@6.0.2 0Low17
Microsoft.Extensions.Configuration.UserSecrets.dllcpe:2.3:a:user_project:user:3.100.320.12802:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Configuration.UserSecrets@3.100.320.12802 0Low17
Microsoft.Extensions.Configuration.dllpkg:generic/Microsoft.Extensions.Configuration@6.0.3 015
Microsoft.Extensions.Configuration.dllpkg:generic/Microsoft.Extensions.Configuration@3.100.320.12802 015
Microsoft.Extensions.Configuration:6.0.1pkg:nuget/Microsoft.Extensions.Configuration@6.0.1 08
Microsoft.Extensions.DependencyInjection.Abstractions.dllpkg:generic/Microsoft.Extensions.DependencyInjection.Abstractions@3.100.320.12802 017
Microsoft.Extensions.DependencyInjection.Abstractions.dllpkg:generic/Microsoft.Extensions.DependencyInjection.Abstractions@6.0.21.52210 015
Microsoft.Extensions.DependencyInjection.dllpkg:generic/Microsoft.Extensions.DependencyInjection@6.0.10 015
Microsoft.Extensions.DependencyInjection.dllpkg:generic/Microsoft.Extensions.DependencyInjection@3.100.320.12802 015
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@1.0.0 010
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@1.0.1 09
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@6.0.21.52210 015
Microsoft.Extensions.DependencyModel.dllpkg:generic/Microsoft.Extensions.DependencyModel@3.100.320.12801 015
Microsoft.Extensions.FileProviders.Abstractions.dllpkg:generic/Microsoft.Extensions.FileProviders.Abstractions@3.100.320.12802 015
Microsoft.Extensions.FileProviders.Abstractions.dllpkg:generic/Microsoft.Extensions.FileProviders.Abstractions@6.0.21.52210 015
Microsoft.Extensions.FileProviders.Physical.dllpkg:generic/Microsoft.Extensions.FileProviders.Physical@3.100.320.12802 017
Microsoft.Extensions.FileProviders.Physical.dllpkg:generic/Microsoft.Extensions.FileProviders.Physical@6.0.21.52210 017
Microsoft.Extensions.FileSystemGlobbing.dllpkg:generic/Microsoft.Extensions.FileSystemGlobbing@3.100.320.12802 015
Microsoft.Extensions.FileSystemGlobbing.dllpkg:generic/Microsoft.Extensions.FileSystemGlobbing@6.0.21.52210 015
Microsoft.Extensions.Hosting.Abstractions.dllpkg:generic/Microsoft.Extensions.Hosting.Abstractions@3.100.320.12802 015
Microsoft.Extensions.Hosting.dllpkg:generic/Microsoft.Extensions.Hosting@6.0.2 015
Microsoft.Extensions.Hosting.dllpkg:generic/Microsoft.Extensions.Hosting@3.100.320.12802 015
Microsoft.Extensions.Hosting:6.0.1pkg:nuget/Microsoft.Extensions.Hosting@6.0.1 08
Microsoft.Extensions.Logging.Abstractions.dllpkg:generic/Microsoft.Extensions.Logging.Abstractions@6.0.3 017
Microsoft.Extensions.Logging.Abstractions.dllpkg:generic/Microsoft.Extensions.Logging.Abstractions@3.100.320.12802 017
Microsoft.Extensions.Logging.Abstractions:6.0.1pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.1 08
Microsoft.Extensions.Logging.Configuration.dllpkg:generic/Microsoft.Extensions.Logging.Configuration@3.100.320.12802 017
Microsoft.Extensions.Logging.Configuration.dllpkg:generic/Microsoft.Extensions.Logging.Configuration@6.0.21.52210 017
Microsoft.Extensions.Logging.Console.dllpkg:generic/Microsoft.Extensions.Logging.Console@3.100.320.12802 017
Microsoft.Extensions.Logging.Console.dllpkg:generic/Microsoft.Extensions.Logging.Console@6.0.21.52210 017
Microsoft.Extensions.Logging.Console:6.0.0pkg:nuget/Microsoft.Extensions.Logging.Console@6.0.0 08
Microsoft.Extensions.Logging.Debug.dllpkg:generic/Microsoft.Extensions.Logging.Debug@3.100.320.12802 017
Microsoft.Extensions.Logging.EventLog.dllpkg:generic/Microsoft.Extensions.Logging.EventLog@3.100.320.12802 017
Microsoft.Extensions.Logging.EventSource.dllcpe:2.3:a:eventsource:eventsource:3.100.320.12802:*:*:*:*:*:*:*pkg:generic/Microsoft.Extensions.Logging.EventSource@3.100.320.12802 0Low17
Microsoft.Extensions.Logging.dllpkg:generic/Microsoft.Extensions.Logging@3.100.320.12802 015
Microsoft.Extensions.Logging.dllpkg:generic/Microsoft.Extensions.Logging@6.0.21.52210 015
Microsoft.Extensions.Logging:6.0.0pkg:nuget/Microsoft.Extensions.Logging@6.0.0 08
Microsoft.Extensions.Options.ConfigurationExtensions.dllpkg:generic/Microsoft.Extensions.Options.ConfigurationExtensions@3.100.320.12802 015
Microsoft.Extensions.Options.ConfigurationExtensions.dllpkg:generic/Microsoft.Extensions.Options.ConfigurationExtensions@6.0.21.52210 015
Microsoft.Extensions.Options.dllpkg:generic/Microsoft.Extensions.Options@3.100.320.12802 015
Microsoft.Extensions.Options.dllpkg:generic/Microsoft.Extensions.Options@6.0.21.52210 015
Microsoft.Extensions.PlatformAbstractions.dllpkg:generic/Microsoft.Extensions.PlatformAbstractions@1.1.0 021
Microsoft.Extensions.Primitives.dllpkg:generic/Microsoft.Extensions.Primitives@3.100.320.12802 015
Microsoft.Extensions.Primitives.dllpkg:generic/Microsoft.Extensions.Primitives@6.0.21.52210 015
Microsoft.IdentityModel.JsonWebTokens.dllcpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:json_web_token_project:json_web_token:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
pkg:generic/Microsoft.IdentityModel.JsonWebTokens@5.5.0.60624MEDIUM1Low16
Microsoft.IdentityModel.JsonWebTokens.dllcpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:json_web_token_project:json_web_token:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
pkg:generic/Microsoft.IdentityModel.JsonWebTokens@5.2.4.50619MEDIUM1Low16
Microsoft.IdentityModel.Protocols.OpenIdConnect.dllcpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*
pkg:generic/Microsoft.IdentityModel.Protocols.OpenIdConnect@5.5.0.60624MEDIUM1Low16
Microsoft.IdentityModel.Tokens.dllcpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
pkg:generic/Microsoft.IdentityModel.Tokens@5.5.0.60624MEDIUM1Low16
Microsoft.IdentityModel.Tokens.dllcpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
pkg:generic/Microsoft.IdentityModel.Tokens@5.2.4.50619MEDIUM1Low16
Microsoft.NET.Test.Sdk:15.5.0pkg:nuget/Microsoft.NET.Test.Sdk@15.5.0 08
Microsoft.TestPlatform.CrossPlatEngine.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine@15.0.0 0Low12
Microsoft.TestPlatform.CrossPlatEngine.resources.dllcpe:2.3:a:testplatform_project:testplatform:15.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.TestPlatform.CrossPlatEngine.resources@15.0.0 0Low11
Microsoft.VisualStudio.CodeCoverage.Shim.dllpkg:generic/Microsoft.VisualStudio.CodeCoverage.Shim@15.0.26228.0 017
Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dllcpe:2.3:a:microsoft:services:14.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:testplatform_project:testplatform:14.0.0.1:*:*:*:*:*:*:*
pkg:generic/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface@14.0.0.1 0Low15
Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dllcpe:2.3:a:microsoft:services:14.0.4503.01:*:*:*:*:*:*:*
cpe:2.3:a:testplatform_project:testplatform:14.0.4503.01:*:*:*:*:*:*:*
pkg:generic/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface@14.0.4503.01 0Low17
Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dllcpe:2.3:a:testplatform_project:testplatform:14.0.0.0:*:*:*:*:*:*:*pkg:generic/Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices@14.0.0.0 0Low15
Microsoft.VisualStudio.TestPlatform.TestFramework.dllcpe:2.3:a:testplatform_project:testplatform:14.0.0.1:*:*:*:*:*:*:*pkg:generic/Microsoft.VisualStudio.TestPlatform.TestFramework@14.0.0.1 0Low13
Microsoft.VisualStudio.TestPlatform.TestFramework.dllcpe:2.3:a:testplatform_project:testplatform:14.0.4503.01:*:*:*:*:*:*:*pkg:generic/Microsoft.VisualStudio.TestPlatform.TestFramework@14.0.4503.01 0Low15
Moq.dllpkg:generic/Moq@4.8.2 020
MySqlConnector.dllcpe:2.3:a:mysql:mysql:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:2.1.2:*:*:*:*:*:*:*
pkg:generic/MySqlConnector@2.1.2HIGH11Low15
MySqlConnector.dllcpe:2.3:a:mysql:mysql:0.61.0:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:0.61.0:*:*:*:*:*:*:*
pkg:generic/MySqlConnector@0.61.0HIGH11Low13
Newtonsoft.Json.Bson.dllcpe:2.3:a:newtonsoft:json.net:1.0.2:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json.Bson@1.0.2HIGH1Low15
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:13.0.1:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@13.0.1 0Low15
Newtonsoft.Json.dllcpe:2.3:a:newtonsoft:json.net:12.0.3:*:*:*:*:*:*:*pkg:generic/Newtonsoft.Json@12.0.3HIGH1Low15
Pomelo.EntityFrameworkCore.MySql.dllcpe:2.3:a:mysql:mysql:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:6.0.2:*:*:*:*:*:*:*
pkg:generic/Pomelo.EntityFrameworkCore.MySql@6.0.2 0Low22
Pomelo.EntityFrameworkCore.MySql.dllcpe:2.3:a:mysql:mysql:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:3.1.1:*:*:*:*:*:*:*
pkg:generic/Pomelo.EntityFrameworkCore.MySql@3.1.1HIGH11Low16
Pomelo.JsonObject.dllpkg:generic/Pomelo.JsonObject@2.2.1 013
RatePlanSwagger.js 00
ReportSwagger.js 00
SQLitePCLRaw.core.dllcpe:2.3:a:sqlite:sqlite:2.0.6:*:*:*:*:*:*:*pkg:generic/SQLitePCLRaw.core@2.0.6CRITICAL24Low12
SQLitePCLRaw.core.dllcpe:2.3:a:sqlite:sqlite:2.0.2:*:*:*:*:*:*:*pkg:generic/SQLitePCLRaw.core@2.0.2CRITICAL24Low12
SQLitePCLRaw.provider.e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:2.0.6:*:*:*:*:*:*:*pkg:generic/SQLitePCLRaw.provider.e_sqlite3@2.0.6CRITICAL24High12
SwaggerController.js 00
Swashbuckle.AspNetCore.Examples.dllpkg:generic/Swashbuckle.AspNetCore.Examples@2.9.0 024
Swashbuckle.AspNetCore.Swagger.dllpkg:generic/Swashbuckle.AspNetCore.Swagger@2.4.0 022
Swashbuckle.AspNetCore.SwaggerGen.dllpkg:generic/Swashbuckle.AspNetCore.SwaggerGen@2.4.0 024
System.IO.Pipelines.dllcpe:2.3:a:microsoft:system.io.pipelines:4.700.20.12001:*:*:*:*:*:*:*pkg:generic/System.IO.Pipelines@4.700.20.12001 0Low17
System.IdentityModel.Tokens.Jwt.dllcpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*
pkg:generic/System.IdentityModel.Tokens.Jwt@5.5.0.60624MEDIUM1Low16
System.IdentityModel.Tokens.Jwt.dllcpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*
pkg:generic/System.IdentityModel.Tokens.Jwt@5.2.4.50619MEDIUM1Low16
System.Net.Http.Formatting.dllcpe:2.3:a:microsoft:system.net.http:5.2.61128.0:*:*:*:*:*:*:*pkg:generic/System.Net.Http.Formatting@5.2.61128.0 0Low17
System.Text.Json.dllpkg:generic/System.Text.Json@4.700.20.6702 017
System.Xml.XPath.XmlDocument.dllpkg:generic/System.Xml.XPath.XmlDocument@1.0.24212.01 020
TaxSwagger.js 00
TransactionBillingHandler.Tests.csproj 02
TransactionBillingHandler.csproj 02
TransactionBillingHandler.dllpkg:generic/TransactionBillingHandler@1.0.0 016
async:3.2.0pkg:npm/async@3.2.0HIGH33
axios:0.21.1pkg:npm/axios@0.21.1HIGH43
billingUtility.js 00
core3.1.API.dllpkg:generic/core3.1.API@3.1.0.8 015
core3.1.AWS.dllpkg:generic/core3.1.AWS@3.1.0.7 015
core3.1.api.dllpkg:generic/core3.1.api@6.0.0.1 015
core3.1.aws.dllpkg:generic/core3.1.aws@6.0.0.3 015
core3.1.dllpkg:generic/core3.1@6.0.0.11 015
core3.1.dllpkg:generic/core3.1@3.1.0.14 015
core3.1.dllpkg:generic/core3.1@6.0.0.8 015
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
e_sqlite3.dllcpe:2.3:a:sqlite:sqlite:3:*:*:*:*:*:*:*CRITICAL24High4
follow-redirects:1.14.0pkg:npm/follow-redirects@1.14.0HIGH83
index.js 00
index.js 00
jsonwebtoken:8.5.1pkg:npm/jsonwebtoken@8.5.1HIGH63
merchantHandler.js 00
merchantRepository.js 00
minimatch:3.0.4pkg:npm/minimatch@3.0.4HIGH13
moment-timezone:0.5.33pkg:npm/moment-timezone@0.5.33MODERATE23
moment:2.29.1pkg:npm/moment@2.29.1HIGH43
path-to-regexp:6.2.0pkg:npm/path-to-regexp@6.2.0HIGH23
resellerHandler.js 00
resellerRepository.js 00
semver:5.7.1pkg:npm/semver@5.7.1HIGH23
swagger.js 00
swaggerDefinition.js 00
testhost.dllpkg:generic/testhost@15.0.0 011
validator:12.2.0pkg:npm/validator@12.2.0MEDIUM23
xml2js:0.4.19pkg:npm/xml2js@0.4.19MEDIUM23

Dependencies (vulnerable)

APF.Core3.1.API:6.0.0.*

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

APF.Core3.1.AWS:6.0.0.*

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

APF.Core3.1:6.0.0.*

File Path: D:\Auropayrepos\Billing\src\BillingKeyRotationExecutor\BillingKeyRotationExecutor.csproj

Identifiers

AWSSDK.CloudWatch.dll

Description:

AWSSDK.CloudWatch

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.CloudWatch.dll
MD5: 9d23346785b3396e8b59177713590423
SHA1: e84faaba12a5b79db1ab580fe8ea6c6b93d1fe03
SHA256:6486f279a31e811c144890f932cb7044f286bc803c5f8a988b62adb1c25ebc24

Identifiers

AWSSDK.CloudWatchEvents.dll

Description:

AWSSDK.CloudWatchEvents

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch Events. Amazon CloudWatch Events helps you to respond to state changes in your AWS resources. When your resources change state they automatically send events into an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a pre-determined schedule.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.CloudWatchEvents.dll
MD5: 6b1541f7461a9a513a718285e86d42ac
SHA1: 92cf5b4de876b4ba45d86aa0dc2e58659a4d57db
SHA256:331bbc34798197ca2ca68d0aa081227f4f030c610a5ff84227462021bf852f7b

Identifiers

AWSSDK.CloudWatchLogs.dll

Description:

AWSSDK.CloudWatchLogs

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon CloudWatch Logs. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.CloudWatchLogs.dll
MD5: c2d546dcd8bb37c54e2bfe6362bc2ac9
SHA1: a7387ef1a89f6cedd3e195c5d328520049ada04f
SHA256:b7232938714e18b2f44e14db68d4528a6e346db67a71067159bedfb87ea9af24

Identifiers

AWSSDK.CognitoIdentity.dll

Description:

AWSSDK.CognitoIdentity

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Cognito Identity. Amazon Cognito is a service that makes it easy to save user data, such as app preferences or game state, in the AWS Cloud without writing any backend code or managing any infrastructure. With Amazon Cognito, you can focus on creating great app experiences instead of having to worry about building and managing a backend solution to handle identity management, network state, storage, and sync.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.CognitoIdentity.dll
MD5: 077d87642ad4a529f29c588103e1e9e9
SHA1: 5f457ed88006ef6cd8754e8009ec90ee88ec4222
SHA256:245c739a5dfc5d54bfe748463cad69c62672376e5223d320fd5ea06e23e5ef26

Identifiers

AWSSDK.CognitoIdentityProvider.dll

Description:

AWSSDK.CognitoIdentityProvider

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Cognito Identity Provider. You can create a user pool in Amazon Cognito Identity to manage directories and users. You can authenticate a user to obtain tokens related to user identity and access policies. This API reference provides information about user pools in Amazon Cognito Identity, which is a new capability that is available as a beta.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.CognitoIdentityProvider.dll
MD5: e6a430a806b6c5c99263721a969311bb
SHA1: 0b91d48fdefd6bff4ba75f8c6192f1313d55e04c
SHA256:97c75eccc1a35cbf04492edf7e81e341611628e64c0747679764fd8c7b04484d

Identifiers

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Core Runtime

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.Core.dll
MD5: 467e76b9d9380d31edfeaae7ad995e12
SHA1: 8e71b48688d4ef0cd167702ca1c76ed557879520
SHA256:cd39c7453bdb706e6389daa8b08f745f12c198f71184de0fe7d3347cd6f555ec

Identifiers

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (NetStandard 2.0) - Core Runtime

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.Core.dll
MD5: 1f463f1e3930115794d56411f580826d
SHA1: 0db73f3c76d03a784a66d9143e5630e141d785e2
SHA256:c5c1d32e83004c0482e74ae306ab6ec92a7f54163c10e92e4a90536fb263b6ec

Identifiers

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (CoreCLR) - Core Runtime

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\netcoreapp3.1\AWSSDK.Core.dll
MD5: 9adb657d9554458de4e90591fa9c9b4a
SHA1: 0cb378d2417ddb26d55e475206b401383373f249
SHA256:1ac84c04ade928ed0a0d31ab6e77b58c07cbb96cb3e1b5b172d54ecd43ce8833

Identifiers

AWSSDK.Core.dll

Description:

AWSSDK.Core

The Amazon Web Services SDK for .NET (CoreCLR) - Core Runtime

File Path: D:\Auropayrepos\Billing\test\BillingScheduleExecutor.Tests\bin\Debug\netcoreapp3.1\AWSSDK.Core.dll
MD5: 8142034528edfe0f07519e323e3125e7
SHA1: 116b31083a140e581a81f01e4a0aefab181800d5
SHA256:9a80191d90262da17d7be0d607a38a352d2419393b7db53106346c0e2382276d

Identifiers

AWSSDK.DynamoDBv2.dll

Description:

AWSSDK.DynamoDBv2

The Amazon Web Services SDK for .NET (CoreCLR) - Amazon DynamoDB. Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.DynamoDBv2.dll
MD5: 1626d8dded3057aa4698589b5f80f15a
SHA1: 16c2dc274daf40d338a64bb190e3349498e84938
SHA256:d8fafdde1cd0323990a45fe7c90b9108678f52ea0652fb7cf4510853c3202096

Identifiers

AWSSDK.Extensions.NETCore.Setup.dll

Description:

AWSSDK.Extensions.NETCore.Setup

Amazon Web Services SDK for .NET extensions for .NET Core setup

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.Extensions.NETCore.Setup.dll
MD5: 16c4d2168143c1802bd5f0e22a6a6e77
SHA1: 4f2dd534473e60396793e3daf8e7d2c78c9749a7
SHA256:de842a88c3aef72b4b5c916dee93f367226d5587d8ea929ccfb083919395ba6b

Identifiers

AWSSDK.Extensions.NETCore.Setup.dll

Description:

AWSSDK.Extensions.NETCore.Setup

Amazon Web Services SDK for .NET extensions for .NET Core setup

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.Extensions.NETCore.Setup.dll
MD5: 87010d607256677129feb9f05469d319
SHA1: dea28aaafbfc90aaa4dc004efca778f54a910154
SHA256:0bad43d214874779041dbd5afced4e6c0fe1d558df44bfaee60e7f26e0843de2

Identifiers

AWSSDK.Extensions.NETCore.Setup:3.3.100.1

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

AWSSDK.Extensions.NETCore.Setup:3.7.2

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

AWSSDK.KeyManagementService.dll

Description:

AWSSDK.KeyManagementService

The Amazon Web Services SDK for .NET (.NET Core 3.1) - AWS Key Management Service. AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.KeyManagementService.dll
MD5: a1b05ac0406fb1a3ca086d90d74f6e99
SHA1: e1bebc738e77afd79877f9a014b1d3f673aa91bb
SHA256:64f4688ffddcd5f3bb01b54ba93b053c2c4d8e5075ab268ef89b3b7f7b5ef888

Identifiers

AWSSDK.KeyManagementService.dll

Description:

AWSSDK.KeyManagementService

The Amazon Web Services SDK for .NET (CoreCLR) - AWS Key Management Service. AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.KeyManagementService.dll
MD5: f86844270c32a094658538a897158533
SHA1: 7e5a3f4ff4c6f5d30ad4bbb317130f98a43b28cf
SHA256:6baee8f38b352ca831f9e0187c1cee1adf11b0fa634309ad420440c37832ad3f

Identifiers

AWSSDK.Kinesis.dll

Description:

AWSSDK.Kinesis

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Kinesis. Amazon Kinesis is a fully managed, cloud-based service for real-time processing of large, distributed data streams.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.Kinesis.dll
MD5: 55f9c9dfc45d0c99d00df1fdb8906dba
SHA1: d9bec436c205666bafd3a83c564f44f1842c910d
SHA256:1b9bda747c0f5649eb9f6f44fba0acd7b849e726c673b0cb38d5ee0bc7f78437

Identifiers

AWSSDK.Lambda.dll

Description:

AWSSDK.Lambda

The Amazon Web Services SDK for .NET (.NET Core 3.1) - AWS Lambda. AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you, making it easy to build applications that respond quickly to new information.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.Lambda.dll
MD5: 565fb50b03e9ced659b44217eaf7f21d
SHA1: b82678f45e7dcfef8c05d9a2bc635c29b83d9916
SHA256:9475044bf55b6aaa7d3da7e817ef0f119322d0633169f10040421ae40c9742b0

Identifiers

AWSSDK.Lambda.dll

Description:

AWSSDK.Lambda

The Amazon Web Services SDK for .NET (CoreCLR) - AWS Lambda. AWS Lambda is a compute service that runs your code in response to events and automatically manages the compute resources for you, making it easy to build applications that respond quickly to new information.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.Lambda.dll
MD5: 3715c22cad72ae2d2efd0b8b5b7aadc1
SHA1: 0cafb26357e62dfd7ad76d47065de6eebd2277a1
SHA256:6e2bc35437600357397a65b96297862165b1b5de47ccc245841511c75fa4ddcd

Identifiers

AWSSDK.RDS.dll

Description:

AWSSDK.RDS

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Relational Database Service. Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database management tasks, freeing you up to focus on your applications and business.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.RDS.dll
MD5: 39b016f734436e0ce6e04f8deec3d91e
SHA1: f6a1c5b907fdfaa29114f5e2ee470cfe42c9968b
SHA256:3bed76b016236dca68609aa36434f7f81ec3d402b0408347dc81dadcafb7b839

Identifiers

AWSSDK.RDS.dll

Description:

AWSSDK.RDS

The Amazon Web Services SDK for .NET (CoreCLR) - Amazon Relational Database Service. Amazon Relational Database Service (Amazon RDS) is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while managing time-consuming database management tasks, freeing you up to focus on your applications and business.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.RDS.dll
MD5: 84dd282fb7f0f6eacd23ebe46d0a0c4d
SHA1: f2b2f65c0cda0b7c4aabc66777077efcaeb45040
SHA256:bc88f1e2504bf7426e430b2a0e2734f8af4b478690c5215331e5e606d7e5b600

Identifiers

AWSSDK.S3.dll

Description:

AWSSDK.S3

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Storage Service. Amazon Simple Storage Service (Amazon S3) provides developers and IT teams with secure, durable, highly-scalable object storage.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.S3.dll
MD5: e353b098e61f99dc5ad9deb64979b086
SHA1: a8a5a8311baad216c4939b80ed1a4b0dee39221b
SHA256:5eba0cd9f4aa536ac36fab2cf8e1c3824f80be4e51ff863ec55f56a235c664a1

Identifiers

AWSSDK.S3.dll

Description:

AWSSDK.S3

The Amazon Web Services SDK for .NET (NetStandard 2.0) - Amazon Simple Storage Service. Amazon Simple Storage Service (Amazon S3) provides developers and IT teams with secure, durable, highly-scalable object storage.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.S3.dll
MD5: 43c27387511fc357b94fb4aeeebab83b
SHA1: ae9c05ad3f048d2573807b57da3ae9dd7f27891f
SHA256:155b02eca6801fa369b0de73a9c2dd33281eb691192fd1e3e0438a085cfd558d

Identifiers

AWSSDK.SQS.dll

Description:

AWSSDK.SQS

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Queue Service. Amazon Simple Queue Service (SQS) is a fast, reliable, scalable, fully managed message queuing service. SQS makes it simple and cost-effective to decouple the components of a cloud application.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.SQS.dll
MD5: b64058f765f446099bfafdd7de480b0b
SHA1: 074f840c244bab2a2de9679c2c536bfd8b180ceb
SHA256:a54f151d8eb606fd9d02e62489c76fbf0c7fb620268822f5ddb3989b948f31e4

Identifiers

AWSSDK.SecurityToken.dll

Description:

AWSSDK.SecurityToken

The Amazon Web Services SDK for .NET (.NET Core 3.1) - AWS Security Token Service. The AWS Security Token Service (AWS STS) enables you to provide trusted users with temporary credentials that provide controlled access to your AWS resources.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.SecurityToken.dll
MD5: cc71468541154b15038c3cac1bbb3f23
SHA1: d86b9f4eb2d14659d48f55169df90d1ef963d129
SHA256:fe6eaecdd72a6280bb72db3a17dc63748d32b1114254cac74c3c44da0d8cc25b

Identifiers

AWSSDK.SimpleNotificationService.dll

Description:

AWSSDK.SimpleNotificationService

The Amazon Web Services SDK for .NET (CoreCLR) - Amazon Simple Notification Service. Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push notifications to Apple, Google, Fire OS, and Windows devices, as well as Android devices in China with Baidu Cloud Push. You can also use SNS to push notifications to internet connected smart devices, as well as other distributed services.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.SimpleNotificationService.dll
MD5: 8acfeb7c4bb2320a26f4f34a79166375
SHA1: d6ee29669ae69c961ad7268918a22db78c569a70
SHA256:bdf0a2a68778c6743ad9f3704f5dbcfd205759b04ef06ccd79c6627ace6149dc

Identifiers

AWSSDK.SimpleSystemsManagement.dll

Description:

AWSSDK.SimpleSystemsManagement

The Amazon Web Services SDK for .NET (.NET Core 3.1) - Amazon Simple Systems Manager (SSM). Amazon EC2 Simple Systems Manager (SSM) enables you to manage a number of administrative and configuration tasks on your instances.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AWSSDK.SimpleSystemsManagement.dll
MD5: ef1896a30bd410629a4c3796000d4a24
SHA1: 47987aaf60eef3520039aba68b84cc7f89dc1f6b
SHA256:04cb00a3c8aaeb5184a2963cc622a6a8a349d5d68111c6c71ee3cdc0c7f11b72

Identifiers

AWSSDK.SimpleSystemsManagement.dll

Description:

AWSSDK.SimpleSystemsManagement

The Amazon Web Services SDK for .NET (CoreCLR) - Amazon Simple Systems Manager (SSM). Amazon EC2 Simple Systems Manager (SSM) enables you to manage a number of administrative and configuration tasks on your instances.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AWSSDK.SimpleSystemsManagement.dll
MD5: 9d7c67102f70f6709d27479802205804
SHA1: 7f48e8f3b98bed74dc47182689b43c0868132474
SHA256:fbae843693fd5347eb124c53138c324c83d13b8d23ec9b7f6fc78b4b986042dd

Identifiers

Amazon.AspNetCore.DataProtection.SSM.dll

Description:

Amazon.AspNetCore.DataProtection.SSM

AWS Systems Manager ASP.NET Core Data Protection Provider library allows you to use AWS Systems Manager's Parameter Store to store keys generated by ASP.NET's Data Protection API.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.AspNetCore.DataProtection.SSM.dll
MD5: c68f7ef58793633aca20d5537f8556b6
SHA1: c6aa5cd3d91a92375da190b38531c610577ace5e
SHA256:67d29bc3abd30afc2b17f9d1f1c1f655e833983c766403e4ecd4795449cf7b69

Identifiers

Amazon.Lambda.APIGatewayEvents.dll

Description:

Amazon.Lambda.APIGatewayEvents

Lambda event interfaces for API Gateway event source.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.APIGatewayEvents.dll
MD5: b6ca3641f0c25773bac593a06a0fb9e3
SHA1: 95a763997227a26c7220d5ce12590f9c91cc2161
SHA256:3c570cbb4ae78b5882cbe5472fcc3c97c59e59d367d73d44908102df4671b234

Identifiers

Amazon.Lambda.APIGatewayEvents.dll

Description:

Amazon.Lambda.APIGatewayEvents

Lambda event interfaces for API Gateway event source.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\netcoreapp3.1\Amazon.Lambda.APIGatewayEvents.dll
MD5: 00f17bbfe43f3b67d0b2f98b72b804c1
SHA1: 441868b6d7c4d0b2f7e89c6e23d2800af8c97fd9
SHA256:d93cef190eb2aa79b10be098d73f45234649ea344a5db92f501453c30468cadb

Identifiers

Amazon.Lambda.APIGatewayEvents:2.3.0

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

Amazon.Lambda.ApplicationLoadBalancerEvents.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.ApplicationLoadBalancerEvents.dll
MD5: ae75d9f69d0372ed9f5670b7dda6d289
SHA1: 577796cab594dc7e43ce3f7a0c3002d9017cf789
SHA256:92d056aee57a68fb73e5d4844d6b8a31b5b357a348ec8410530efe0f8925621f

Identifiers

Amazon.Lambda.AspNetCoreServer.dll

Description:

Amazon.Lambda.AspNetCoreServer

Amazon.Lambda.AspNetCoreServer makes it easy to run ASP.NET Core Web API applications as AWS Lambda functions.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.AspNetCoreServer.dll
MD5: 1a98e64bd09cd446ffdf624e5a108e78
SHA1: e69b02e55705f32e276c83d025532c9464417518
SHA256:844a98b87b1f9f21591a939f01bb0bd19a0d455c663c7266b0b9050f0994c66d

Identifiers

Amazon.Lambda.AspNetCoreServer:6.1.0

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

Amazon.Lambda.CloudWatchEvents.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.CloudWatchEvents.dll
MD5: 95bcaf057baddd5713bcc10d17a73d5d
SHA1: bed28cd81de9b98d42c2bdf68a69aab61c5c26f7
SHA256:5f79fb4e79167c31d73b9bf1cff5f1b3241f9162e1aa889a76cccbe951f22b77

Identifiers

Amazon.Lambda.Core.dll

Description:

Amazon.Lambda.Core

Core interfaces for Lambda.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.Core.dll
MD5: e3ff649709a36002a8caeba1c2b6a63c
SHA1: 8a0d532bd5dd292dd8b5572c81a0af48a30cd5ce
SHA256:d3fd1d761d03288299dfb5bc5fbb9650c360e815176828704ed683d056ffa249

Identifiers

Amazon.Lambda.Core:2.1.0

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Amazon.Lambda.KinesisAnalyticsEvents.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.KinesisAnalyticsEvents.dll
MD5: 8f07da2c44d07e00ffd18617185a44a6
SHA1: a3ee958d7b47e88ab6ae0574f37e6fa6e953999a
SHA256:239691d2dfbae3d58ea3c9b8c2f5b396b4f25651c36daa79099a9cf6e8c9c427

Identifiers

Amazon.Lambda.KinesisFirehoseEvents.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.KinesisFirehoseEvents.dll
MD5: d82690e43781e417b29ff66f8b5ef4d0
SHA1: 4c1f6bba718b21df0b04b4bd67cbbc83dd2d2221
SHA256:179e5a4529400afdc968f507b8431d5231517a83152a3c0ad4eaf90b2a9cfc54

Identifiers

Amazon.Lambda.LexEvents.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.LexEvents.dll
MD5: b89322ea82ad62547d97a46dd9dc14b6
SHA1: db339961be56761b0e8a506e3c14fcd50b9e1e54
SHA256:96936afa0b68936a44785528b270f1e7f65967af7707d61d144fccf91cf6f35a

Identifiers

Amazon.Lambda.Logging.AspNetCore.dll

Description:

Amazon.Lambda.Logging.AspNetCore

ASP.NET Core logging support for Lambda.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.Logging.AspNetCore.dll
MD5: 9482935b3e88a8679c51b76bad324279
SHA1: 680ec56a97395d0c0f61bd550e0d2df20621e7c6
SHA256:770e5dfc23757a239061d5748dd0a2af820160cb84d793766cc2cabb6f4eeaf4

Identifiers

Amazon.Lambda.S3Events.dll

Description:

Amazon.Lambda.S3Events

Lambda event interfaces for S3 event source.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.S3Events.dll
MD5: 5ef1a162e3b5f0c31e8d4580f4624790
SHA1: 688edb3da7fbf8812e6fd5a819c52eb8fdb5bb49
SHA256:8271ee68778721ea61b439e5440a81a2863edfabdcb2c9c1778a9b8b86969fdd

Identifiers

Amazon.Lambda.SNSEvents.dll

Description:

Amazon.Lambda.SNSEvents

Lambda event interfaces for SNS event source.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\netcoreapp3.1\Amazon.Lambda.SNSEvents.dll
MD5: f881146171b0ea6a0fc50fa8070f69c3
SHA1: 92375b66246849aa3ee512a1152c8d23549d2114
SHA256:6bd8fe788d207edf4c664480e6e776e6f8841255d4a360040bb969d94699da0b

Identifiers

Amazon.Lambda.SNSEvents:2.0.0

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Amazon.Lambda.Serialization.Json.dll

Description:

Amazon.Lambda.Serialization.Json

Default serializer implementation for Lambda event sources.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Amazon.Lambda.Serialization.Json.dll
MD5: c030d6816810c3ea7b0fce93a9602136
SHA1: a17096f807250780cf8bdfd223aabb41deb25dfc
SHA256:159dce66dc379ab3b45aaf95b07c1398fef023d1d57b9d76b28b86916bdac66d

Identifiers

Amazon.Lambda.Serialization.Json:2.1.0

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Amazon.Lambda.Serialization.SystemTextJson.dll

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Amazon.Lambda.Serialization.SystemTextJson.dll
MD5: b77fcbcec7c650a0c1713ea9a1d09de2
SHA1: 0cd156da025e57bdd625f1df7f817cb52007a372
SHA256:a8ff5ed7ce213b6741500a3337e474a250daebd21146146f81f2ebdf31ce38e8

Identifiers

Amazon.Lambda.TestUtilities.dll

Description:

Amazon.Lambda.TestUtilities

Amazon.Lambda.TestUtilities includes stub implementations of interfaces defined in Amazon.Lambda.Core and helper methods.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Amazon.Lambda.TestUtilities.dll
MD5: a81b11181ac657ddc2cf6679c83b2bea
SHA1: 7f52db764fd242589c3633e9040502d0770628ff
SHA256:95055306e29aac1a48fa55289fc54161144adbd66b80e83182e440e23a524b79

Identifiers

Amazon.Lambda.TestUtilities.dll

Description:

Amazon.Lambda.TestUtilities includes stub implementations of interfaces defined in Amazon.Lambda.Core and helper methods.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\netcoreapp3.1\Amazon.Lambda.TestUtilities.dll
MD5: 1a1e09469deb2b6d36225759d4ff7a33
SHA1: c5b151728225b1fcedbde37d33373a1ee6fec1d9
SHA256:5afa18e3d4a7657b7e578dc3d5907fbe774a76d3b93edec54b9c0d4bac587878

Identifiers

AutoMapper.Extensions.Microsoft.DependencyInjection.dll

Description:

AutoMapper.Extensions.Microsoft.DependencyInjection

AutoMapper extensions for ASP.NET Core

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AutoMapper.Extensions.Microsoft.DependencyInjection.dll
MD5: bf5a14d1fdeba396f8d80bf66d217820
SHA1: 8f6b9999990441713357167e68401e9464b8b09b
SHA256:89637796f62f8c6ef5a4d01e869d7cf79ed5c50316b1e6af28e6d84952c77ea8

Identifiers

AutoMapper.dll

Description:

AutoMapper

A convention-based object-object mapper.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AutoMapper.dll
MD5: 4ae1c613bb4d98881e5ecfc5dd74471e
SHA1: 11e1f342709437e30fe8a66284eb11360dcaa889
SHA256:8890c79488484a283961028752a4f4b25f04a33222d838990225f99376748085

Identifiers

AwsParameterStore.Microsoft.Extensions.Configuration.dll

Description:

AwsParameterStore.Microsoft.Extensions.Configuration

AWS Systems Manager Parameter Store configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\AwsParameterStore.Microsoft.Extensions.Configuration.dll
MD5: 6cff4cd5f4718297b37aa5e5bdc12d3b
SHA1: c45342ce39b8ea74491f13ab6382a1b479a7ad60
SHA256:903a0610bba31e40d1031e08d2a51354754f06c542678e587fbedab222def010

Identifiers

AwsParameterStore.Microsoft.Extensions.Configuration.dll

Description:

AwsParameterStore.Microsoft.Extensions.Configuration

AWS Systems Manager Parameter Store configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\AwsParameterStore.Microsoft.Extensions.Configuration.dll
MD5: 7b07fd2d63418a86bd994b46fa631aad
SHA1: b6c3723f112014019c3a94a5fefbd5598260ffef
SHA256:363c5a0bb77188cbacb5713c4860e481e6b4ffc7262612b81fc25d30ed167d4e

Identifiers

Billing.API.Tests.csproj

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj
MD5: 7226982f7485d199f5ce3b77da2e4864
SHA1: d149208b39b32a6ade9961379d75f87859895b7e
SHA256:585cb620df6faf2af02561693fd7850e17bf6ad59fea49257a34ddb689e3a3ca

Identifiers

  • None

Billing.API.Tests.dll

Description:

Billing.API.Tests

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Billing.API.Tests.dll
MD5: f59afe2a757e983b9f8119af92aef4fd
SHA1: 4a4b13136711437bddae6aa2f27e29cc0127259f
SHA256:54c1ff484a0ed5023204547e1bc42492878049df76ec7f2c92a8591f561ee02b

Identifiers

Billing.API.csproj

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj
MD5: 2b4958738ab5e80dd5fd752be0e5fb9c
SHA1: 1be392cc77ec280963020d825a1f90cc2e534e96
SHA256:4e1aa29e5fe9707339154cf56657a920e022b8dfd20142f9e8375d6b2095d52b

Identifiers

  • None

Billing.API.dll

Description:

Billing.API

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Billing.API.dll
MD5: a20ae1670ef1c369a4a8edb3879417ac
SHA1: 8e85503d0308bd7a3ebf2252eec3ec56cae0d629
SHA256:3f47bd198b6963fe15a089ac9a4be218ddd3cbb011dec8a36ee82ade09b5bba4

Identifiers

Billing.API.exe

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Billing.API.exe
MD5: 6399b8c3fc095daa185919ecad34952e
SHA1: 5397d67abb4d9674d0e030094891cefe73a0c8a6
SHA256:02128f2f7e75edbb320614fb20aa738350a2277321c3c525353ef00a21e4325f

Identifiers

  • None

Billing.API.exe

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Billing.API.exe
MD5: 6026f0715cc6f7194657102f8d33026f
SHA1: c8d1a06ab6de7f6fe7743237a0e8f97b1119d445
SHA256:f32f0acf45eb30c5c9821ef54b21bbf2b353eb052caf64c1893d2a6beb06bcd9

Identifiers

  • None

Billing.Tests.csproj

File Path: D:\Auropayrepos\Billing\test\Billing.Test\Billing.Tests.csproj
MD5: beb4089236cc7923658acfc064cf6597
SHA1: 5ab50572d9addc796c76a5f37385ae29b986ff61
SHA256:bf352fee37311a459e4240940821e6f5cd090b5b9a0d07a5ec40ef111c5992c2

Identifiers

  • None

Billing.Tests.dll

Description:

Billing.Tests

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Billing.Tests.dll
MD5: bafd3551c12d47239a69a7d901e1050b
SHA1: 67fe8f574e4be1b1e820d1383fff5a9a572cad16
SHA256:ff5eea29fb221a87f6612ce7e514b35da1efa971ab1f55220465498f74982151

Identifiers

Billing.csproj

File Path: D:\Auropayrepos\Billing\src\Billing\Billing.csproj
MD5: 6b87732f13f8e060726f139862afad5b
SHA1: 3ddc5b3726d6c826a11579b7f4f12330f8caeafd
SHA256:caaf542f4c1ec8c62342ff9639ef5884f7db8b48c3dfdc264a8ffe5bad7de827

Identifiers

  • None

Billing.dll

Description:

Billing

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Billing.dll
MD5: a1bbfe569da4d9eba5ecfa9a87e987c8
SHA1: d4b0fcb09bb1101d391176b820b256d6d0b625d2
SHA256:b7b2379f03f3491e943c65cf81480e6e33c8d71981a0358bc7069fd2e1c1617a

Identifiers

BillingKeyRotationExecutor.Tests.csproj

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\BillingKeyRotationExecutor.Tests.csproj
MD5: b9bbfe5bae565074f646358b105cd62a
SHA1: 59fd3eca1cc8244f79ffeec5398067554e2d19af
SHA256:da853aa75c37b8bfa01c6c7ff3b26552155399f6f00f75dcbafedecae12f91a5

Identifiers

  • None

BillingKeyRotationExecutor.Tests.dll

Description:

BillingKeyRotationExecutor.Tests

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\BillingKeyRotationExecutor.Tests.dll
MD5: c74ae7a08cd4736da98d6594714b7983
SHA1: b5045c20d09136d4616fde42b5f4f63480c6100c
SHA256:26879432d5965868cb52c3e4aa179c0c6182c871f3631d38b5c7f5e53201ffdd

Identifiers

BillingKeyRotationExecutor.csproj

File Path: D:\Auropayrepos\Billing\src\BillingKeyRotationExecutor\BillingKeyRotationExecutor.csproj
MD5: a52ec25f40aac40b212a32e97b4c5a50
SHA1: ca816f228da2d3b643ea0bfcd70588d5d7b3cc41
SHA256:ab8ff5f76f5308db87bd166cdd89244382ecf9ed17131916d1484b45affa0ceb

Identifiers

  • None

BillingKeyRotationExecutor.dll

Description:

BillingKeyRotationExecutor

File Path: D:\Auropayrepos\Billing\src\BillingKeyRotationExecutor\bin\Debug\net6.0\BillingKeyRotationExecutor.dll
MD5: 897a5ff0c84d045a263f1675e843ccdb
SHA1: c09dac1b797de73287f98c360510169af176a40a
SHA256:e4f3c041b1d7d4950f4ac627893c1ad871df0b979b11aabbc922b36c9c716399

Identifiers

BillingScheduleExecutor.Tests.csproj

File Path: D:\Auropayrepos\Billing\test\BillingScheduleExecutor.Tests\BillingScheduleExecutor.Tests.csproj
MD5: 152513b44c561bce000188e0c633d2f1
SHA1: ec8d6771183a5a610b4479516e34976da97217ef
SHA256:fffdeb80ab04e811b02c0d56b846c641e799a5c6bd7be080fb8c5f48b13aa628

Identifiers

  • None

BillingScheduleExecutor.Tests.dll

Description:

BillingScheduleExecutor.Tests

File Path: D:\Auropayrepos\Billing\test\BillingScheduleExecutor.Tests\bin\Debug\net6.0\BillingScheduleExecutor.Tests.dll
MD5: e1267270dcf4c9b9e0fa315fada2a91c
SHA1: f93bbe6dcebef8128c74542ffbdf2121df852027
SHA256:8dee8210121b2a92c0fa102ec92660613605a78c40de988c9416d1b7d0e46367

Identifiers

BillingScheduleExecutor.csproj

File Path: D:\Auropayrepos\Billing\src\BillingScheduleExecutor\BillingScheduleExecutor.csproj
MD5: 77465981d3dd758d3cc79740ddad6479
SHA1: 045736b4c4aff6718342f97db84ef83b37faa97d
SHA256:5907b8d690a828183972ecdbd49aa9ff5a2e1262de803edf6e1a18ec4638809b

Identifiers

  • None

BillingScheduleExecutor.dll

Description:

BillingScheduleExecutor

File Path: D:\Auropayrepos\Billing\src\BillingScheduleExecutor\bin\Debug\net6.0\BillingScheduleExecutor.dll
MD5: 26e40fd1ab572ec3694423afceac87bf
SHA1: 993ac9c39cea276848cc02698f6edcc1c28580d5
SHA256:c59b4a62b45bbab7c199d3e9801c97b17141e1308d303f826ac7e42705ca2f70

Identifiers

Castle.Core.dll

Description:

Castle Core

Castle Core, including DynamicProxy, Logging Abstractions and DictionaryAdapter

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Castle.Core.dll
MD5: c61b61fdcb770f341eb7a903fc9684a9
SHA1: 03b6586f30739006f6ef3a4645205b91c1544b8d
SHA256:7f34412cf227e622eff0d0a687c1f08c3297b8df8435780f02b99e60da842c80

Identifiers

FeeSwagger.js

File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\FeeConfiguration\FeeSwagger.js
MD5: 5f08083b34316de6139e623e734c1689
SHA1: c45692cbee8296c305b4429197c87e05e229b06f
SHA256:36a81f0935e69b43563df7ba8b8aa9ccd12a8a0a021a8d88912c5e6039f53968

Identifiers

  • None

Flee:1.2.1

File Path: D:\Auropayrepos\Billing\src\TransactionBillingHandler\TransactionBillingHandler.csproj

Identifiers

FluentValidation.AspNetCore.dll

Description:

FluentValidation.AspNetCore

AspNetCore integration for FluentValidation

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\FluentValidation.AspNetCore.dll
MD5: 8e216637cc046d978f094941eb698c40
SHA1: 5b6a2071b4055f93be71fc42e55ec60b0ad5882b
SHA256:50fef80fb821c6d0b221aab984b4e0b0ced37b4ad2e21b8eb4459de4d5fca349

Identifiers

FluentValidation.AspNetCore:11.3.0

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

FluentValidation.DependencyInjectionExtensions.dll

Description:

FluentValidation.DependencyInjectionExtensions

Dependency injection extensions for FluentValidation

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\FluentValidation.DependencyInjectionExtensions.dll
MD5: 0033eee7f05c774e2271b3b848d426cd
SHA1: cf79f75aaf9db05c41f215db02964b18874e367c
SHA256:3168b9f878f6c92775d9c57d2b3eea4c72107b72541c424ac859672fd80d5608

Identifiers

FluentValidation.dll

Description:

FluentValidation

A validation library for .NET that uses a fluent interface to construct strongly-typed validation rules.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\FluentValidation.dll
MD5: b2b8f1e70976a3542d7d2c5a7357b34e
SHA1: b700e72f97f0c8babfc8c38bc22bc2cd00b85567
SHA256:668f03932c1e61d41fcf7d2f4b591cd2d08c6bdd83aec8c74e2309780125302f

Identifiers

Hashids.net.dll

Description:

Hashids.net

Generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Hashids.net.dll
MD5: 5d1689f2e4d893290b8a90b464e95bea
SHA1: d4bcf419c9ba3256243f904d489be5c4fb1bdc72
SHA256:ac19cd5e5239dd7c1b21fefad505b965eac63a105306ce2a43a98f8df2d742c4

Identifiers

Hashids.net.dll

Description:

Hashids.net

Generate YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Hashids.net.dll
MD5: 4ee98fe3c85b8f3d4ddcf8d0552340d7
SHA1: 873d03c01e43ab3d2fcb003a9e0325c612e5f0de
SHA256:c9bec0ef0b33f92bfe905e4d2e32142a1f894409e2fce01262ea443049f7fb42

Identifiers

Humanizer.dll

Description:

Humanizer

A micro-framework that turns your normal strings, type names, enum fields, date fields, etc. into a human-friendly format.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Humanizer.dll
MD5: b23ec3bf471a12c288f2a46b428bd013
SHA1: 766c5bf33247f5d399f410873f4640c35fbc885e
SHA256:15e988ab3e8d84900ae90549eb399aac452d55edf0109e06fa1a9b227ddfd4c4

Identifiers

InvoiceHandler.Tests.csproj

File Path: D:\Auropayrepos\Billing\test\InvoiceHandler.Tests\InvoiceHandler.Tests.csproj
MD5: 073962fa2642fa8e4f8f477ea52aaf4a
SHA1: 0237ea9c8f7dd118c5b638cf2ae35342cd089b52
SHA256:def589a2d62d4fce80d5271ffeb4f3fd4a4ec596d17d909891d87d578c72d0c8

Identifiers

  • None

InvoiceHandler.csproj

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj
MD5: b309151305c82d18475fdf96ce0c7a43
SHA1: 30568f0262e95de833dd3227579bdd7971d1be1f
SHA256:51c5ec100082ff26235617f90c1c0bc47ea2580ab2f1ec50efc3c55ca1ad77bc

Identifiers

  • None

InvoiceHandler.dll

Description:

InvoiceHandler

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\bin\Debug\netcoreapp3.1\InvoiceHandler.dll
MD5: 1f803ad0911d8496b7529964f62fe8c4
SHA1: fbe86db15ad5a510782110e06383e81ea18445bb
SHA256:7614acb50e6627b712f5847a206220c4ffd0b6779e1c25e458620f2be67d38dc

Identifiers

Lumigo.DotNET.Instrumentation.dll

Description:

Lumigo.DotNET.Instrumentation

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Lumigo.DotNET.Instrumentation.dll
MD5: e4d82c66569f9018e8eb35f07a0853b9
SHA1: 06f2aee4ed03a9563fdf119cba3e371969a62b8b
SHA256:a0b49a18bcf417aeaeb2defd55858916a36f6e20c638901cacc734c8e2dee67c

Identifiers

Lumigo.DotNET.Parser.dll

Description:

Lumigo.DotNET.Parser

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Lumigo.DotNET.Parser.dll
MD5: 8f73799c54f37cfe9242d24a8cadb19e
SHA1: 4b678ea57bb25a3ab189116083d5bb8ab6ec0ddc
SHA256:953362896d4482d14e3e3f1c16f9e8804a07be70001057b6fb1995f9b866be80

Identifiers

Lumigo.DotNET.Utilities.dll

Description:

Lumigo.DotNET.Utilities

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Lumigo.DotNET.Utilities.dll
MD5: 57723ebe4b524e97b1a8eef9b434f7ac
SHA1: 5f5c55f891b979890f606721a65fb020a516ba3b
SHA256:ec83d49a5d94ef4e3bbae004b57fd22e19a534b3b0612a397970b86f29279955

Identifiers

Lumigo.DotNET.dll

Description:

Lumigo.DotNET

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Lumigo.DotNET.dll
MD5: 8dd28f78db0d271e52f6cb3995d610a4
SHA1: 7ca292cce2dd9301347389ba601d36b42f4b4557
SHA256:d66a787d2600af189e4ec512afbaf39078cebbabdf619427b309bcc36f3ec106

Identifiers

MSTest.TestAdapter:1.2.0

File Path: D:\Auropayrepos\Billing\test\Billing.Test\Billing.Tests.csproj

Identifiers

MSTest.TestFramework:1.2.0

File Path: D:\Auropayrepos\Billing\test\Billing.Test\Billing.Tests.csproj

Identifiers

MerchantBillingConfigSwagger.js

File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\FeeConfiguration\MerchantBillingConfigSwagger.js
MD5: 578b6ed5971a1af8c208ed6abb218a24
SHA1: aa46e3762fe9576f70169e3b8377a4416949533d
SHA256:135c04b32178dbcba2817e55b1d143d12ea3fa11771cdcf6d5cb56c4736b49db

Identifiers

  • None

Microsoft.AspNet.WebApi.Client:5.2.7

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

  • pkg:nuget/Microsoft.AspNet.WebApi.Client@5.2.7  (Confidence: Highest)
  • cpe:2.3:a:asp-project:asp-project:5.2.7:*:*:*:*:*:*:*  (Confidence: Low)
  • cpe:2.3:a:web_project:web:5.2.7:*:*:*:*:*:*:*  (Confidence: Low)

Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

CVE-2021-34532 (OSSINDEX)  

ASP.NET Core and Visual Studio Information Disclosure Vulnerability
CWE-noinfo

CVSSv2:
  • Base Score: LOW (2.0999999046325684)
  • Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:*:Microsoft.AspNetCore.Authentication.JwtBearer:3.1.3:*:*:*:*:*:*:*

Microsoft.AspNetCore.Http.Features.dll

Description:

Microsoft.AspNetCore.Http.Features

ASP.NET Core HTTP feature interface definitions.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.AspNetCore.Http.Features.dll
MD5: 579533485134bccd71f0d8fe3291459a
SHA1: 35329bca57374d7f7473ad8601ddca289a651b8e
SHA256:b9d18a72894ddb9d659026b2c2e34972c7b73a44788d74a71fecb2f96e365a6c

Identifiers

Microsoft.AspNetCore.JsonPatch.dll

Description:

Microsoft.AspNetCore.JsonPatch

ASP.NET Core support for JSON PATCH.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.AspNetCore.JsonPatch.dll
MD5: c37498e27a9761e82ae24e1e757f3691
SHA1: 0592f910f2c039fb786085397b800ce62c454174
SHA256:f721bfbf0071870dbbeb2497b51dfacceb472e1d35fb757b308d932ecb3f497b

Identifiers

Microsoft.AspNetCore.JsonPatch:3.1.0

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

Microsoft.AspNetCore.TestHost.dll

Description:

Microsoft.AspNetCore.TestHost

ASP.NET Core web server for writing and running tests.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.AspNetCore.TestHost.dll
MD5: b95cfe9a6a395bf2c80ab6ec605f823c
SHA1: a30bb04a4ab18f0efd69e03c92947195a79cd029
SHA256:26a4c866cb1194b637d4d1e57318446d2241b6d8e6354820e5334d1035d56a5f

Identifiers

Microsoft.AspNetCore.TestHost.dll

Description:

Microsoft.AspNetCore.TestHost

ASP.NET Core web server for writing and running tests.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\netcoreapp3.1\Microsoft.AspNetCore.TestHost.dll
MD5: bc5d1bc97377e8004f9ff71a81761fea
SHA1: b58376ec7fb829c0b1ba3eb6dace39edc429dd41
SHA256:ec31cf6a1d807bf0c8ea162f1c2aed37aa12aa6db6caa48422d72bf7a94d7422

Identifiers

Microsoft.AspNetCore.TestHost:6.0.0

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

Microsoft.Bcl.AsyncInterfaces.dll

Description:

Microsoft.Bcl.AsyncInterfaces

Microsoft.Bcl.AsyncInterfaces

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Bcl.AsyncInterfaces.dll
MD5: 2d270ddbca547ab26b5be6e16e4825d7
SHA1: 206852b9b8a1a26524446b6b8b820890885fca03
SHA256:3815a1da8afeda653a7a5c2a3df98bef61416552a5d96cd32782ff22b29e5cce

Identifiers

Microsoft.Bcl.HashCode.dll

Description:

Microsoft.Bcl.HashCode

Microsoft.Bcl.HashCode

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Bcl.HashCode.dll
MD5: 613ab56061adf2284e047025207467e0
SHA1: f09e6253c5427e3fe1516c877c36065b721ac8ca
SHA256:cb9f8ef871353cd8129f44f03e8de11f862386ec25b52de060892b4930f640eb

Identifiers

Microsoft.DotNet.InternalAbstractions.dll

Description:

Abstractions for making code that uses file system and environment testable.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.DotNet.InternalAbstractions.dll
MD5: eafc60cf6f13766c9ab96f5b23457252
SHA1: 8f8d4c9a0b1f700bc2ad8134b3200ce0683e95b9
SHA256:afd22ba2a118645e049e27d65164c97125e416934d1cbd16fa0f231d0fe68f5b

Identifiers

Microsoft.DotNet.PlatformAbstractions.dll

Description:

Abstractions for making code that uses file system and environment testable.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.DotNet.PlatformAbstractions.dll
MD5: a69ee0c1195620088b4efb1e8c9dca3d
SHA1: cede41194639465753550adecbecf32e85e582c7
SHA256:359451c3e3be25f7c383713787d1a3e762579c648bbce8e37b5010c0622f9681

Identifiers

Microsoft.DotNet.PlatformAbstractions.dll

Description:

Microsoft.DotNet.PlatformAbstractions

Abstractions for making code that uses file system and environment testable.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\Microsoft.DotNet.PlatformAbstractions.dll
MD5: 29039cb12beb5c746884b957dbdffea5
SHA1: ed84c077a8fb2fbf86375fc4f1bcc31c7a304463
SHA256:654d4b5f29e32148bb36dfc03523718d7a55c864bf0fae07e0f330e47aabd409

Identifiers

Microsoft.EntityFrameworkCore.Abstractions.dll

Description:

Microsoft.EntityFrameworkCore.Abstractions

Provides abstractions and attributes that are used to configure Entity Framework Core

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Abstractions.dll
MD5: 10d7e7d4107ff1292ce723a0e295a210
SHA1: 064b9fb9c0af946f0524a4ae0939f0e5235518e2
SHA256:000b5e98a2973b06a7e9a40be6a640aa87fec8d4c5be870444a62f1e1d999f48

Identifiers

Microsoft.EntityFrameworkCore.Abstractions.dll

Description:

Microsoft.EntityFrameworkCore.Abstractions

Provides abstractions and attributes that are used to configure Entity Framework Core

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.EntityFrameworkCore.Abstractions.dll
MD5: 22def23a3eb5ebe4c490f7fd24bc33e7
SHA1: fa0b06a3a9ac0e6048b6f6c6616e2e8671c52d9e
SHA256:e2f6e5192aa0da4afed13209213bdf183b2ed6cdb64ff3be48929e56575725f7

Identifiers

Microsoft.EntityFrameworkCore.Abstractions.dll

Description:

Microsoft.EntityFrameworkCore.Abstractions

Provides abstractions and attributes that are used to configure Entity Framework Core

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Abstractions.dll
MD5: 86b1d7511868631ac5a699abfad28641
SHA1: b7705d526a2d2297231b463509727590fcef3dd8
SHA256:5fa213113051002988514ca4a25df91d4a8166d7b8ae6b49de419895d7acc1e1

Identifiers

Microsoft.EntityFrameworkCore.Design.dll

Description:

Microsoft.EntityFrameworkCore.Design

Shared design-time components for Entity Framework Core tools.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Design.dll
MD5: d0cbe8314f64cd49878b2f5ef82f1293
SHA1: 71795ba9adb3c4986b43683103ddb7b95da6cf74
SHA256:337f3880797f064a3cb870cda7ffedebeb37b7a9b73ffe9940e761db616e8ef0

Identifiers

Microsoft.EntityFrameworkCore.Design.dll

Description:

Microsoft.EntityFrameworkCore.Design

Shared design-time components for Entity Framework Core tools.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.EntityFrameworkCore.Design.dll
MD5: 4e96fe31a025a2e5a83d85a0e68e6c9c
SHA1: e2dbe060976948eb59a0446ec78739bed5094f0a
SHA256:4956403fe97bb122eae3ad7d208076603575b32f170027dab95c5df0de3eac55

Identifiers

Microsoft.EntityFrameworkCore.Relational.dll

Description:

Microsoft.EntityFrameworkCore.Relational

Shared Entity Framework Core components for relational database providers.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Relational.dll
MD5: 8962aec8fbc3c75a3e089fc4640544b9
SHA1: 43062bd4185c0696971e2412c5a70e09224d2606
SHA256:8a2d716851524bd05cc4a16778d4edf497c65449a876f15922e48285cc79180c

Identifiers

Microsoft.EntityFrameworkCore.Relational.dll

Description:

Microsoft.EntityFrameworkCore.Relational

Shared Entity Framework Core components for relational database providers.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.EntityFrameworkCore.Relational.dll
MD5: 4b8e08f71513c30b23871a4f8eebc953
SHA1: 0fe8692a6333d80f16c15f714a0042958364150d
SHA256:77b2ad0667f8811c30e6a4a923e7e8e2f18b2872a224fe8656879fc1a5f4a144

Identifiers

Microsoft.EntityFrameworkCore.Relational.dll

Description:

Microsoft.EntityFrameworkCore.Relational

Shared Entity Framework Core components for relational database providers.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Relational.dll
MD5: 9c6b3702c80a8a5c046bf74ae43c8dd3
SHA1: 9dfecd1ffec471e9b166513f09ce41cbab0298d7
SHA256:9b18ff5e121055c643dc21d7b7cdcfce8298147e7d67296cb697e06513de29eb

Identifiers

Microsoft.EntityFrameworkCore.Relational.dll

Description:

Microsoft.EntityFrameworkCore.Relational

Shared Entity Framework Core components for relational database providers.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Relational.dll
MD5: 7fc88f8521204fb8dd3d88fccfc95019
SHA1: 0355e8588fe03caf93c7b8c62e2d00f1c6466b6c
SHA256:9fdf3e18c8652204ad369c4fd3ebf6daa789c2f3c2cdac6583030007c32a95d2

Identifiers

Microsoft.EntityFrameworkCore.Relational:6.0.7.0

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

Microsoft.EntityFrameworkCore.Sqlite.dll

Description:

Microsoft.EntityFrameworkCore.Sqlite

SQLite database provider for Entity Framework Core. This package does not include a copy of the native SQLite library.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.Sqlite.dll
MD5: ac226a58c78c52773d582aa4f5624723
SHA1: dc14ffc052d87d90416e989f9bbdb3de7998232d
SHA256:5623d0f3c48a81b79f087d26a0202d947c2a48cc80d6a0a09280979835a07e5d

Identifiers

Microsoft.EntityFrameworkCore.Sqlite.dll

Description:

Microsoft.EntityFrameworkCore.Sqlite

SQLite database provider for Entity Framework Core.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\Microsoft.EntityFrameworkCore.Sqlite.dll
MD5: 5660132b9b924c37ca02cde9d5d66e7a
SHA1: 13ea9aea8a7f08a52dcc45baffb6b6ccf1a43f96
SHA256:87de1e51af62958e629a0b8eb9c3543182076e837ab5d8e4c3ed4a20f88d8de0

Identifiers

Microsoft.EntityFrameworkCore.dll

Description:

Microsoft.EntityFrameworkCore

Entity Framework Core is a modern object-database mapper for .NET. It supports LINQ queries, change tracking, updates, and schema migrations. EF Core works with SQL Server, Azure SQL Database, SQLite, Azure Cosmos DB, MySQL, PostgreSQL, and other databases through a provider plugin API.

Commonly Used Types:
Microsoft.EntityFrameworkCore.DbContext
Microsoft.EntityFrameworkCore.DbSet

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.dll
MD5: 852c7e8791f22fdc1c0be01a35b81889
SHA1: c9779da9a726f2465fcd0c3e654bb6cc9ea4bf27
SHA256:1c09d5a5a846943a468e444515abccdafe4c787dc003ef5f5d0230baf381c461

Identifiers

Microsoft.EntityFrameworkCore.dll

Description:

Microsoft.EntityFrameworkCore

Entity Framework Core is a lightweight and extensible version of the popular Entity Framework data access technology.

Commonly Used Types:
Microsoft.EntityFrameworkCore.DbContext
Microsoft.EntityFrameworkCore.DbSet

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.EntityFrameworkCore.dll
MD5: abdd4f757a3a5602bcb912c00c4f7f2e
SHA1: 3aa8b0ee706376bdf8597e28c27ee9119002a0f3
SHA256:59625470a2cdf36b886fb301dbbdc97aa3e1e1e0cef310101667632f4da4858a

Identifiers

Microsoft.EntityFrameworkCore.dll

Description:

Microsoft.EntityFrameworkCore

Entity Framework Core is a modern object-database mapper for .NET. It supports LINQ queries, change tracking, updates, and schema migrations. EF Core works with SQL Server, Azure SQL Database, SQLite, Azure Cosmos DB, MySQL, PostgreSQL, and other databases through a provider plugin API.

Commonly Used Types:
Microsoft.EntityFrameworkCore.DbContext
Microsoft.EntityFrameworkCore.DbSet

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.EntityFrameworkCore.dll
MD5: 73146811272dc2b5353b3cb9b3e26caa
SHA1: 42708abdcb5d9b477ecebfc4be5f29776b860c5b
SHA256:da96237f5b353adb2fe4162101668df82453e96d0d82ffecf61bc24c19b18738

Identifiers

Microsoft.EntityFrameworkCore:6.0.10.0

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\Billing.API.Tests.csproj

Identifiers

Microsoft.Extensions.Caching.Abstractions.dll

Description:

Microsoft.Extensions.Caching.Abstractions

Caching abstractions for in-memory cache and distributed cache.
Commonly used types:
Microsoft.Extensions.Caching.Distributed.IDistributedCache
Microsoft.Extensions.Caching.Memory.IMemoryCache

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Caching.Abstractions.dll
MD5: 2b09fb0d244b7d68cb4ab0329ddfd44c
SHA1: 30ad465476d0a5813bcecbe586ae71a1dc9d0c86
SHA256:21f381e4b789b37f736388639b39ff933f17b8a9dbdd8de50e688a71857efc73

Identifiers

Microsoft.Extensions.Caching.Abstractions.dll

Description:

Microsoft.Extensions.Caching.Abstractions

Caching abstractions for in-memory cache and distributed cache.

Commonly Used Types:
Microsoft.Extensions.Caching.Distributed.IDistributedCache
Microsoft.Extensions.Caching.Memory.IMemoryCache

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.Caching.Abstractions.dll
MD5: ad8f9c7c55b0af08132defe0126cb883
SHA1: 5af0968158dbf4be321c91137d204dc94e9d6107
SHA256:58b71920a96072dda78f8869681bd95df1e8ad01bd0c7f41fc567620a78f1b62

Identifiers

Microsoft.Extensions.Caching.Memory.dll

Description:

Microsoft.Extensions.Caching.Memory

In-memory cache implementation of Microsoft.Extensions.Caching.Memory.IMemoryCache.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Caching.Memory.dll
MD5: 4b05e228ce48e5aa53361feb8d30398a
SHA1: d71b874fee66d6f8bf003b97869050f466c28db7
SHA256:68e25eb71dab3eea401ac5e0d8d0912f9a7eff17733325126e69f6e2dc567d0c

Identifiers

Microsoft.Extensions.Caching.Memory.dll

Description:

Microsoft.Extensions.Caching.Memory

In-memory cache implementation of Microsoft.Extensions.Caching.Memory.IMemoryCache.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Caching.Memory.dll
MD5: 0fa46063aec2bba8bc9fd3c6099284c9
SHA1: 990e6cafd55bae787782c7bae7fbf8f5b6f1e676
SHA256:1ed38aba73ed877e6abb65eebf59170d76db970c6f69bdb426743d3d20a2666a

Identifiers

Microsoft.Extensions.Configuration.Abstractions.dll

Description:

Microsoft.Extensions.Configuration.Abstractions

Abstractions of key-value pair based configuration.
Commonly used types:
Microsoft.Extensions.Configuration.IConfiguration
Microsoft.Extensions.Configuration.IConfigurationBuilder
Microsoft.Extensions.Configuration.IConfigurationProvider
Microsoft.Extensions.Configuration.IConfigurationRoot
Microsoft.Extensions.Configuration.IConfigurationSection

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.Abstractions.dll
MD5: c4d9b0aeb8dc01da57b6a7b9482e0e7d
SHA1: 5062288e714e4f6350d5d23ca9adb0b830769998
SHA256:f442098e7b9310dc4001c0c4e4ae2a3378bb4a8d4733ffc08c9a3b42b71abe93

Identifiers

Microsoft.Extensions.Configuration.Abstractions.dll

Description:

Microsoft.Extensions.Configuration.Abstractions

Abstractions of key-value pair based configuration.

Commonly Used Types:
Microsoft.Extensions.Configuration.IConfiguration
Microsoft.Extensions.Configuration.IConfigurationBuilder
Microsoft.Extensions.Configuration.IConfigurationProvider
Microsoft.Extensions.Configuration.IConfigurationRoot
Microsoft.Extensions.Configuration.IConfigurationSection

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Abstractions.dll
MD5: 134885709f7087d3a1bad3108179578a
SHA1: c524c7d46a343b75a64bf52b19e3c70c453f9061
SHA256:e4eb5eb7e28a5548cd904fe1a9c3569adef91f52b654db8a3c56a0a5177a09eb

Identifiers

Microsoft.Extensions.Configuration.Binder.dll

Description:

Microsoft.Extensions.Configuration.Binder

Functionality to bind an object to data in configuration providers for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.Binder.dll
MD5: e5c90b244afa1dc2020d2afa85a17788
SHA1: b8d39e4b8e3e1dbc7c943643826d0952578f9b7b
SHA256:c00a43562aad1e80ae3ae4106ac83813ad4411d5ff40bbcaacf106fd43ee2e23

Identifiers

Microsoft.Extensions.Configuration.Binder.dll

Description:

Microsoft.Extensions.Configuration.Binder

Functionality to bind an object to data in configuration providers for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Binder.dll
MD5: 90e58d5a0eb7af2cf55bb8022821e681
SHA1: 144c4fa6c3cef6b532ce7b7c3c27753bda514714
SHA256:c0d2a11b73afc7c8eac5bb1ccf60002e5b132df23a18bd9dc8385eeb7992b283

Identifiers

Microsoft.Extensions.Configuration.CommandLine.dll

Description:

Microsoft.Extensions.Configuration.CommandLine

Command line configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.CommandLine.dll
MD5: 206cc9b5083d579cfce4087c220f5cdc
SHA1: bc8e1531c23ac9c3da5f6d5890df9725b4a6d860
SHA256:baa79d6cf6fa53cc43994a9fe1da4bd5f4af02a0d1deabd9fed5a59a30fcd383

Identifiers

CVE-2015-0897  

LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.Extensions.Configuration.EnvironmentVariables.dll

Description:

Microsoft.Extensions.Configuration.EnvironmentVariables

Environment variables configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
MD5: 08f52a0ff6e9a3602259930674f95c5e
SHA1: 4fd2e59545e6c845f8f9de6ce8fc4540acf1aa25
SHA256:94fb00fe869f78b572e8564d2700b143f392a5ab7c110e8c81981d5edbf632f7

Identifiers

Microsoft.Extensions.Configuration.EnvironmentVariables.dll

Description:

Microsoft.Extensions.Configuration.EnvironmentVariables

Environment variables configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.EnvironmentVariables.dll
MD5: e5b4ad006560b172f6fa3662d9c6fa32
SHA1: 685a01ed091a7cbe1076dd5653bead9d061aa5d9
SHA256:db25f20f8605c0afa15806b41ce1e9867551681fce4b1262415855713829cdca

Identifiers

Microsoft.Extensions.Configuration.EnvironmentVariables:6.0.1

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Microsoft.Extensions.Configuration.FileExtensions.dll

Description:

Microsoft.Extensions.Configuration.FileExtensions

Extension methods for configuring file-based configuration providers for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.FileExtensions.dll
MD5: 2bd4c8ee985c084ed98861b8b59c11ab
SHA1: e941f1bab9b9317dd213a8c2178db684c32690c6
SHA256:052eb5ca21f1cf0b6d64f8f60a9e21900173be7679d0adab9bd1bf61ee9202f5

Identifiers

Microsoft.Extensions.Configuration.FileExtensions.dll

Description:

Microsoft.Extensions.Configuration.FileExtensions

Extension methods for configuring file-based configuration providers for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Configuration.FileExtensions.dll
MD5: 3604168610204920999aeb27fa52ce14
SHA1: 5ad4642c871d47e022080f5c707da159b432efe7
SHA256:9f67d13f6ff5b463736821793d4e218134a51caf3ce8ebe205fd9801db3735d1

Identifiers

Microsoft.Extensions.Configuration.Json.dll

Description:

Microsoft.Extensions.Configuration.Json

JSON configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.Json.dll
MD5: 3cce1880f8c7406a493003608040cb4b
SHA1: c83e510d5a81843f8a8f03b943a8f69d78e7e97e
SHA256:b22ba758625764318d8fcd374b4a260880bd6756c5ed5f8e4e8bbe3b4249f210

Identifiers

Microsoft.Extensions.Configuration.Json.dll

Description:

Microsoft.Extensions.Configuration.Json

JSON configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Configuration.Json.dll
MD5: f632ba94ae101b3a171d59801a2d5c19
SHA1: 182a3cdc49febc6ce3f96056c399af1311129af7
SHA256:476f3fcb02d6c48705c4ab43223d08c42f9b5e2e2ead7e811de2cbdb847ebd34

Identifiers

Microsoft.Extensions.Configuration.Json:6.0.0

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Microsoft.Extensions.Configuration.UserSecrets.dll

Description:

Microsoft.Extensions.Configuration.UserSecrets

User secrets configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.UserSecrets.dll
MD5: f9255c8f30ac81d4693d1ddce2f59a07
SHA1: b1be780e5f10dadd9bb1965739722e15a67a7171
SHA256:cdb02893f9a9e822f8646836ec9e25c3c538a56872225f98a6b495103938eba8

Identifiers

Microsoft.Extensions.Configuration.UserSecrets.dll

Description:

Microsoft.Extensions.Configuration.UserSecrets

User secrets configuration provider implementation for Microsoft.Extensions.Configuration.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.UserSecrets.dll
MD5: 3289bc416e49299b48b70ec2ee2dc709
SHA1: 3021cd5f2909f6a1fc8055fa97656158da89d0a3
SHA256:8a8d7407aa8e18b742ddc0073aa5baa077f07b280254298cce4b18ad69d3b133

Identifiers

Microsoft.Extensions.Configuration.dll

Description:

Microsoft.Extensions.Configuration

Implementation of key-value pair based configuration for Microsoft.Extensions.Configuration. Includes the memory configuration provider.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Configuration.dll
MD5: 2607271d374e06d794599b10cb1a9f8c
SHA1: 5c5ad43797bbe3b9ab09d9b60ca34f2053f75eec
SHA256:567cce7f8eb0cf3bb445ba455af1fdb9c4e0afbb6e10bbe8c3930682295182d1

Identifiers

Microsoft.Extensions.Configuration.dll

Description:

Microsoft.Extensions.Configuration

Implementation of key-value pair based configuration for Microsoft.Extensions.Configuration. Includes the memory configuration provider.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Configuration.dll
MD5: b728301ff656247336fd2f2a82a3bb4d
SHA1: a31811872d78aa9e11bff97e10f5d493c2e12d64
SHA256:a27ba255016b997dc30df8c808f45331c7b6449a00d0c68596f853fcb6edd2ca

Identifiers

Microsoft.Extensions.Configuration:6.0.1

File Path: D:\Auropayrepos\Billing\src\Billing\Billing.csproj

Identifiers

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Description:

Microsoft.Extensions.DependencyInjection.Abstractions

Abstractions for dependency injection.
Commonly used types:
Microsoft.Extensions.DependencyInjection.IServiceCollection

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.DependencyInjection.Abstractions.dll
MD5: 2a234fe4c85e7d2a495684aced5ede53
SHA1: 1af6cd5bdb962616591fd65bb85b929fc277afb5
SHA256:c9c9ff5072e78c2efb04dbecbab3f89a4b983fca2e775a15c9f49295928cca67

Identifiers

Microsoft.Extensions.DependencyInjection.Abstractions.dll

Description:

Microsoft.Extensions.DependencyInjection.Abstractions

Abstractions for dependency injection.

Commonly Used Types:
Microsoft.Extensions.DependencyInjection.IServiceCollection

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.Abstractions.dll
MD5: d6cfda4e1c948aeb3e5d57376334375f
SHA1: cb8c35306afd15358104ecfe70e724ad9c753e6f
SHA256:9ccd830351aa28bc683d4f8d1cefd9e724161f972d25bfb64eee5bf55c48c5e3

Identifiers

Microsoft.Extensions.DependencyInjection.dll

Description:

Microsoft.Extensions.DependencyInjection

Default implementation of dependency injection for Microsoft.Extensions.DependencyInjection.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.DependencyInjection.dll
MD5: f5fc619ac21d262950da7f5332384bf3
SHA1: 6823e8981cdaff3dd3de262094915a7661e2996d
SHA256:13e1108252ab13d657a67c6b9738ea350ba67b876bc50e4933af0cd2e0228001

Identifiers

Microsoft.Extensions.DependencyInjection.dll

Description:

Microsoft.Extensions.DependencyInjection

Default implementation of dependency injection for Microsoft.Extensions.DependencyInjection.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.DependencyInjection.dll
MD5: a4b9882e8b98ff78c05ef4c14c4a880e
SHA1: 8eaf3f9e7c4a58e175ce0521ce87faf9899a7a3f
SHA256:7e9994e99cadf56f82a32653b5146549f0adcd33b373935520568aa3ce6d527c

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Abstractions for reading `.deps` files.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.DependencyModel.dll
MD5: c99274e8d8276563d8cefa3870b54b75
SHA1: 90a1325a25bad7ca88b80305599f9027981c900b
SHA256:c9eb87d14a9d170badcbce407888c2a565f1f216deaa6d615d1e741c4b62c10b

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Abstractions for reading `.deps` files.

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.Extensions.DependencyModel.dll
MD5: 13f8831d108ed271d068990df780dac7
SHA1: 8ea6b66104aff050ecaf5be489caee177987f56b
SHA256:7577357b33958c973cc296030ca19a06914100dc320fa1c7e985b06dfbec8df3

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Microsoft.Extensions.DependencyModel

Abstractions for reading `.deps` files.

Commonly Used Types:
Microsoft.Extensions.DependencyModel.DependencyContext

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.DependencyModel.dll
MD5: b0b997723e8a50f98f8ee30975338117
SHA1: 9ef5542d260d0123c62e50006cd4b433feaf4626
SHA256:b6406254657a68f84df707987a9319dafbd2e8681fd2e384f3c7ee5883510078

Identifiers

Microsoft.Extensions.DependencyModel.dll

Description:

Microsoft.Extensions.DependencyModel

Abstractions for reading `.deps` files.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\Microsoft.Extensions.DependencyModel.dll
MD5: 2e65e88c5ead473bbfa58388536542b9
SHA1: 3b0650598cc74afa26df1bfe862e2d26a276ab72
SHA256:abb57873f310ba41aba2ca28676d99aa75fd33262eb539ab9ddbb55ec33c72ae

Identifiers

Microsoft.Extensions.FileProviders.Abstractions.dll

Description:

Microsoft.Extensions.FileProviders.Abstractions

Abstractions of files and directories.
Commonly used types:
Microsoft.Extensions.FileProviders.IDirectoryContents
Microsoft.Extensions.FileProviders.IFileInfo
Microsoft.Extensions.FileProviders.IFileProvider

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.FileProviders.Abstractions.dll
MD5: 95fa597516ec6f42d9892f52049b5744
SHA1: b8db6b5f5bdf4adddb84940988eae02b3234fc59
SHA256:a980b878982d5fe7e352d2d023d8df924d0ab425c015660fecee8dd16b4db906

Identifiers

Microsoft.Extensions.FileProviders.Abstractions.dll

Description:

Microsoft.Extensions.FileProviders.Abstractions

Abstractions of files and directories.

Commonly Used Types:
Microsoft.Extensions.FileProviders.IDirectoryContents
Microsoft.Extensions.FileProviders.IFileInfo
Microsoft.Extensions.FileProviders.IFileProvider

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.FileProviders.Abstractions.dll
MD5: 3644e5e1981b0bde71ed60f5e3754ffb
SHA1: 3029f45a1397291b4e7eee9db9b5dcde5a47ab7d
SHA256:ecfcef11c42fa4ad5cf2d4d7f553c8f0017e5eb7a4a9b032b4d0505c98ef4ef4

Identifiers

Microsoft.Extensions.FileProviders.Physical.dll

Description:

Microsoft.Extensions.FileProviders.Physical

File provider for physical files for Microsoft.Extensions.FileProviders.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.FileProviders.Physical.dll
MD5: ff5f18c40a48a1ccbd49fc0fe7a1bb4d
SHA1: 1292a90897c8e7b49c69010eebc3aa71de2ba9e0
SHA256:a78b17917714c653c303faf8d08724499d3f93bce1174114a50e7b766c595bef

Identifiers

Microsoft.Extensions.FileProviders.Physical.dll

Description:

Microsoft.Extensions.FileProviders.Physical

File provider for physical files for Microsoft.Extensions.FileProviders.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.FileProviders.Physical.dll
MD5: 16b277856e7168ca27e32cbf0112eaaf
SHA1: 616a44c9b1b0d4d6ad6ad37b41556a6e727cc3e5
SHA256:b17ba3bc63190e004167d1ea7dc12af57b0cd29bf0ca13edeb4340f6a2c3cc62

Identifiers

Microsoft.Extensions.FileSystemGlobbing.dll

Description:

Microsoft.Extensions.FileSystemGlobbing

File system globbing to find files matching a specified pattern.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.FileSystemGlobbing.dll
MD5: eb000772b831990a55a57a0531d5a8a4
SHA1: d2e0be5cb78c735845996f489d7504bc0e6cb832
SHA256:2b76059ab5b66f0da702f801a9626f643d8a37dab5bd15733b2a7a00e4a88cca

Identifiers

Microsoft.Extensions.FileSystemGlobbing.dll

Description:

Microsoft.Extensions.FileSystemGlobbing

File system globbing to find files matching a specified pattern.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.FileSystemGlobbing.dll
MD5: 35af9a93caeb8e69c1b41c99ed74b4f5
SHA1: e0f87d149cb7a7bd30ec407f801f4ea4fa210f12
SHA256:be2897386d1fc215a86d3d1343564e262641751bd846559b0ed8f3fba77cb102

Identifiers

Microsoft.Extensions.Hosting.Abstractions.dll

Description:

Microsoft.Extensions.Hosting.Abstractions

.NET Core hosting and startup abstractions for applications.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Hosting.Abstractions.dll
MD5: 3a277f28173e0b85f330ad72127bbd8e
SHA1: 7e2d92cc56a25288279b0df55ffcdbcc37a7579b
SHA256:c29f8b8134de2d12985d58047feaf9f66aca809aef9a0ef35d379193abb95b0c

Identifiers

Microsoft.Extensions.Hosting.dll

Description:

Microsoft.Extensions.Hosting

Hosting and startup infrastructures for applications.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Hosting.dll
MD5: d57f28ca156b8bc37e4547751443bfb1
SHA1: a1132e597ba1f2796de1e4ed2d6a0d929af195d5
SHA256:327b4c2e65a9f1d546d2d70443bb654eb25675a8d3ea2e098c81e7b53f7a4bbd

Identifiers

Microsoft.Extensions.Hosting.dll

Description:

Microsoft.Extensions.Hosting

.NET Core hosting and startup infrastructures for applications.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Hosting.dll
MD5: 37fb34c99bb0c5b47b4d12a6d04a91d2
SHA1: 0deff1afa9371c87d69b447b83fb535ebc0c6837
SHA256:21f7bbc53e3e8b9ce2e3d9e6a3cec4d5f1d2310f9d85c8303563b3432d91d666

Identifiers

Microsoft.Extensions.Hosting:6.0.1

File Path: D:\Auropayrepos\Billing\src\Billing.API\Billing.API.csproj

Identifiers

Microsoft.Extensions.Logging.Abstractions.dll

Description:

Microsoft.Extensions.Logging.Abstractions

Logging abstractions for Microsoft.Extensions.Logging.

Commonly Used Types:
Microsoft.Extensions.Logging.ILogger
Microsoft.Extensions.Logging.ILoggerFactory
Microsoft.Extensions.Logging.ILogger<TCategoryName>
Microsoft.Extensions.Logging.LogLevel
Microsoft.Extensions.Logging.Logger<T>
Microsoft.Extensions.Logging.LoggerMessage
Microsoft.Extensions.Logging.Abstractions.NullLogger

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.Logging.Abstractions.dll
MD5: 2d352734d0b1b60b04f29be9f21189b2
SHA1: 0d8799d2f98dedc3b0af806a539240c5f52a4826
SHA256:c3e73ec5f2e1f10200c25ba1ba0c8f73cb0fbc09a6202fd44f19ee813ece89da

Identifiers

Microsoft.Extensions.Logging.Abstractions.dll

Description:

Microsoft.Extensions.Logging.Abstractions

Logging abstractions for Microsoft.Extensions.Logging.
Commonly used types:
Microsoft.Extensions.Logging.ILogger
Microsoft.Extensions.Logging.ILoggerFactory
Microsoft.Extensions.Logging.ILogger<TCategoryName>
Microsoft.Extensions.Logging.LogLevel
Microsoft.Extensions.Logging.Logger<T>
Microsoft.Extensions.Logging.LoggerMessage
Microsoft.Extensions.Logging.Abstractions.NullLogger

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.Abstractions.dll
MD5: 1bca771ab50a685b5c9afe52b5bfeb56
SHA1: 8d1155cf7db51b913dfded871d69fb8bf1dcaa29
SHA256:e3989ae9798621ae5623770750813d2a1568ae795995e616f81e453e97c3d704

Identifiers

Microsoft.Extensions.Logging.Abstractions:6.0.1

File Path: D:\Auropayrepos\Billing\src\Billing\Billing.csproj

Identifiers

Microsoft.Extensions.Logging.Configuration.dll

Description:

Microsoft.Extensions.Logging.Configuration

Configuration support for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.Configuration.dll
MD5: 89df702ee7ebdf81f202507a22c032a6
SHA1: 6a2386840ca37932aa1910e090059b69a25465bd
SHA256:a1b2fbce69e0f43da668ea604f0b9a6a950cf2238fbca10ee5e80a4a573e5a51

Identifiers

Microsoft.Extensions.Logging.Configuration.dll

Description:

Microsoft.Extensions.Logging.Configuration

Configuration support for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Logging.Configuration.dll
MD5: 4ae6a362c9f43eec7d139374b6ca2b42
SHA1: b16abc24aa3cd064722c40c75c33819ef221e1c5
SHA256:aa17d34ef4c4acb44f88823e73dbeabcdb71070729289f487795825e3d71b55d

Identifiers

Microsoft.Extensions.Logging.Console.dll

Description:

Microsoft.Extensions.Logging.Console

Console logger provider implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.Console.dll
MD5: 1a226cabf870c49f2ddb699934323717
SHA1: 8d41757aea143af6777cb118d348f37f32d0f4e7
SHA256:5339844ab2c4ca6a341de4264962659faef782d42d69dd289e560caf185241ec

Identifiers

Microsoft.Extensions.Logging.Console.dll

Description:

Microsoft.Extensions.Logging.Console

Console logger provider implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Logging.Console.dll
MD5: 25466fcc891b4b51d8fe43d69070f6af
SHA1: 6d982cd9110a4a9409ccd22ceacfa4619b4b9cd1
SHA256:1a1537feab4be72e18ef0eea2de4ab7954c3c3925c39d61daf527e1ce26e2af4

Identifiers

Microsoft.Extensions.Logging.Console:6.0.0

File Path: D:\Auropayrepos\Billing\src\InvoiceHandler\InvoiceHandler.csproj

Identifiers

Microsoft.Extensions.Logging.Debug.dll

Description:

Microsoft.Extensions.Logging.Debug

Debug output logger provider implementation for Microsoft.Extensions.Logging. This logger logs messages to a debugger monitor by writing messages with System.Diagnostics.Debug.WriteLine().

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.Debug.dll
MD5: 0c42258cedb689a108520174d8ae28e5
SHA1: a229a2a4ceb9fef28941fe05a531c9fd6768d739
SHA256:83bda4f2d8a7fa65546bc6b83ba677cc46a41d71b312e7656fad0c23960f6a86

Identifiers

Microsoft.Extensions.Logging.EventLog.dll

Description:

Microsoft.Extensions.Logging.EventLog

Windows Event Log logger provider implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.EventLog.dll
MD5: bb92ff7d6bc24a1226145bcb27cfb05b
SHA1: b047c4fcceb27d43a22b9ca98818d80821da52e5
SHA256:29a30f5b071440adfa2439086c0fc3cb669bb31c30f4f9b7798ff47d614e2631

Identifiers

Microsoft.Extensions.Logging.EventSource.dll

Description:

Microsoft.Extensions.Logging.EventSource

EventSource/EventListener logger provider implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.EventSource.dll
MD5: 4208c69022aeac7b0e4fbdb8d006428b
SHA1: 4e437e61782f252417386ecd93c3bc3f95311a78
SHA256:99e0911053744db8909dfffdd61349176b6b59d774ad8611ee2f2080fda9e788

Identifiers

Microsoft.Extensions.Logging.dll

Description:

Microsoft.Extensions.Logging

Logging infrastructure default implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Logging.dll
MD5: 07883d6ab8b1d340c7f741a4e76de37f
SHA1: aa4ffea4cfc5d6659d1504662acf3978c2b26e12
SHA256:12679f3e17446aaaec20e2cb250d3a36f819794db4931b1ad93a95639ae94621

Identifiers

Microsoft.Extensions.Logging.dll

Description:

Microsoft.Extensions.Logging

Logging infrastructure default implementation for Microsoft.Extensions.Logging.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.Logging.dll
MD5: 037fa19d37892f003cb18c3f4f070b66
SHA1: 7bea9201a90f69ff958f5bf64e959d1e4021f252
SHA256:183650081b551dfad967a7cbf79946a229cb79458b8d04a12db7c44b03bb9ab7

Identifiers

Microsoft.Extensions.Logging:6.0.0

File Path: D:\Auropayrepos\Billing\src\Billing\Billing.csproj

Identifiers

Microsoft.Extensions.Options.ConfigurationExtensions.dll

Description:

Microsoft.Extensions.Options.ConfigurationExtensions

Provides additional configuration specific functionality related to Options.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Options.ConfigurationExtensions.dll
MD5: 7d8e404e20da93c8c4ceb1ac69102e22
SHA1: 8d7fd7b130d98288072decb09e791e1ca7815b8c
SHA256:71c8de7d235d3cd71f7706e17d2e7fbc3acacb40d539561f176fb5300c58d3bd

Identifiers

Microsoft.Extensions.Options.ConfigurationExtensions.dll

Description:

Microsoft.Extensions.Options.ConfigurationExtensions

Provides additional configuration specific functionality related to Options.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.Extensions.Options.ConfigurationExtensions.dll
MD5: aa84540ac227790262b8f1dbb7a3bb83
SHA1: 009750c08e5a3ddca91db2538dff9203e5e54608
SHA256:a4244cbd8e903a2a5c2c43f01b48c355818c6183ea8efbbbd9c3c5b72e8364a1

Identifiers

Microsoft.Extensions.Options.dll

Description:

Microsoft.Extensions.Options

Provides a strongly typed way of specifying and accessing settings using dependency injection.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Options.dll
MD5: 408e06e1ca742bf078a7530e15566fe7
SHA1: 846bc7636e31ffbc85cd7aae7926984ba0fa0431
SHA256:891a8c2581c7233ae5c9d68384ca0f099260978e2e79ef76f4469b09b9c4078c

Identifiers

Microsoft.Extensions.Options.dll

Description:

Microsoft.Extensions.Options

Provides a strongly typed way of specifying and accessing settings using dependency injection.

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.Options.dll
MD5: 950440793a182cc76ffc7f7280e55daf
SHA1: 6ec0c1fe1332912086247080b55b06623c78326e
SHA256:786112cb2f6646ef1170219a8c0bb813c9f14a6781e67c6266414f55a679565d

Identifiers

Microsoft.Extensions.PlatformAbstractions.dll

Description:

Abstractions that unify behavior and API across .NET Framework, .NET Core and Mono

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.Extensions.PlatformAbstractions.dll
MD5: aa4d6950dcb5906324f8d7a8f72c4639
SHA1: 1f9251a7ad5accf0530552a7970962ed91f583d6
SHA256:d4f515a2f586bf503a61a41e9b91417884241fa031b08dba1cda715235207b7e

Identifiers

Microsoft.Extensions.Primitives.dll

Description:

Microsoft.Extensions.Primitives

Primitives shared by framework extensions. Commonly used types include:
Microsoft.Extensions.Primitives.IChangeToken
Microsoft.Extensions.Primitives.StringValues
Microsoft.Extensions.Primitives.StringSegment

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Microsoft.Extensions.Primitives.dll
MD5: 80cba8f0015bf4de092ae69793e5ca33
SHA1: b2bacdede4aac2ba55fa33397f726083c2d2c2bd
SHA256:cb7bfb0b65855843fc0ffe7b58b61ad8b25a34ea0e518239ff0bf35c0aec1a9d

Identifiers

Microsoft.Extensions.Primitives.dll

Description:

Microsoft.Extensions.Primitives

Primitives shared by framework extensions. Commonly used types include:

Commonly Used Types:
Microsoft.Extensions.Primitives.IChangeToken
Microsoft.Extensions.Primitives.StringValues
Microsoft.Extensions.Primitives.StringSegment

File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\Microsoft.Extensions.Primitives.dll
MD5: a53d11973f75b15bef19c16a35ffb432
SHA1: 376636c20cee083da54d4146479032170ec7231b
SHA256:8ce9a85927ec7507b11ffe90080e7a811d51304a9e8b1da20c350159ba403902

Identifiers

Microsoft.IdentityModel.JsonWebTokens.dll

Description:

Microsoft.IdentityModel.JsonWebTokens

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.IdentityModel.JsonWebTokens.dll
MD5: 65c7e619dda9b81635e1f7be0d65b16b
SHA1: f293b3a6da1a042375b6542f32ff0e35fcdaeb69
SHA256:b3f631be0586746f14719179e8abbf92175d723182b63588581867e381604a68

Identifiers

  • pkg:generic/Microsoft.IdentityModel.JsonWebTokens@5.5.0.60624  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:json_web_token_project:json_web_token:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.IdentityModel.JsonWebTokens.dll

Description:

Microsoft.IdentityModel.JsonWebTokens

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.IdentityModel.JsonWebTokens.dll
MD5: ae774eadf9e44317dc96d44d041316a3
SHA1: b9ad2ebcfa7f57b0dcb27d57d06b713bfb4e8e5b
SHA256:9e269254da78ada0c8de878f63716bc80a83d6c4a59f9d204233729aa2fa523b

Identifiers

  • pkg:generic/Microsoft.IdentityModel.JsonWebTokens@5.2.4.50619  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:json_web_token_project:json_web_token:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.IdentityModel.Protocols.OpenIdConnect.dll

Description:

Microsoft.IdentityModel.Protocols.OpenIdConnect

Includes types that provide support for OpenIdConnect protocol.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll
MD5: 798c630436e7a44b6cd619e1da2c3fdf
SHA1: 4690c4ea6a8133a55e3f4e5f8cd0f5912050082f
SHA256:19b5ed3bd950a0ff92b27b3e471af561fa2a15161cd9c5f8abddceb2dc4b3848

Identifiers

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.IdentityModel.Tokens.dll

Description:

Microsoft.IdentityModel.Tokens

Includes types that provide support for SecurityTokens, Cryptographic operations: Signing, Verifying Signatures, Encryption.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Microsoft.IdentityModel.Tokens.dll
MD5: d3d6162f80fc61dc23465354b3371b91
SHA1: 024f9c905c6ae7df7a01c5fd812152bcbfff42b3
SHA256:74ae7cb30f963da8ef318825069567094687aacecbffa2984a9592dca92f2217

Identifiers

  • pkg:generic/Microsoft.IdentityModel.Tokens@5.5.0.60624  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.IdentityModel.Tokens.dll

Description:

Microsoft.IdentityModel.Tokens

Includes types that provide support for SecurityTokens, Cryptographic operations: Signing, Verifying Signatures, Encryption.

File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\Microsoft.IdentityModel.Tokens.dll
MD5: 53a8c5d25afad88d4efee56676ccaf7f
SHA1: e4876facd6546a5970089cdd04abcee759963630
SHA256:1b7712f086314ea37173b4c051defdf87f49b05c529a96904fcc5e1c5ffaf2c4

Identifiers

  • pkg:generic/Microsoft.IdentityModel.Tokens@5.2.4.50619  (Confidence:Medium)
  • cpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2024-21319  

Microsoft Identity Denial of service vulnerability
CWE-20 Improper Input Validation, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

References:

Vulnerable Software & Versions:

Microsoft.NET.Test.Sdk:15.5.0

File Path: D:\Auropayrepos\Billing\test\Billing.Test\Billing.Tests.csproj

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.TestPlatform.CrossPlatEngine.dll
MD5: f4eedc1c75b69c0d0d9e80ed757c43b0
SHA1: 8cce74986da289f36b5f5ba64c12703e25945df2
SHA256:05ff637d5a3508f5f379c2735facff65a88dd25a4912207c5cb02de23259dfac

Identifiers

Microsoft.TestPlatform.CrossPlatEngine.resources.dll

Description:

Microsoft.TestPlatform.CrossPlatEngine

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\cs\Microsoft.TestPlatform.CrossPlatEngine.resources.dll
MD5: bf13ccd4e04ef31316ca03e3021d433d
SHA1: ab21ea3dcbf9ba2c6a3b822dd0be3be60345064e
SHA256:ce0540e1483437963f00b27cf76cbc24acffbab8a28aa33e48cd6be38aab9800

Identifiers

Microsoft.VisualStudio.CodeCoverage.Shim.dll

Description:

Microsoft.VisualStudio.CodeCoverage.Shim.dll

Microsoft.VisualStudio.CodeCoverage.Shim.dll

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.CodeCoverage.Shim.dll
MD5: 18abc24fbcd39e398b03e6ec0dac1d15
SHA1: 5232d8f57f098056bed6ef39e927c91f3dd68011
SHA256:d7cdd2d3e02ada6de7b99d6795bea37020a3040c1232f253e6fd5785346250c0

Identifiers

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll

Description:

PlatformServices.Interface

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll
MD5: 2b3ec335ca319194f5d3a659fce6cd04
SHA1: eb0a5b0c79885fd3055909824a6da1564aa6dd6f
SHA256:a4d7473b9b42ed3b0a5eac2de952d4e89f7080a56c0e75c6c6f6a749cae05ae5

Identifiers

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll

Description:

PlatformServices.Interface

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\netcoreapp3.1\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.Interface.dll
MD5: 3d537dbd003448bedf2cc940a8832645
SHA1: 142311338a3ec2959cafe044a04e019324286936
SHA256:62b8e52d58b4ba13a852c3c18ac974e9f269eb0cb5850da3f3dcffe6670c0f03

Identifiers

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll

Description:

Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices

Package Description

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.MSTestAdapter.PlatformServices.dll
MD5: 3f8bca30b8e4e6079109d7e138695c95
SHA1: fb51b4f214bcba19b3257ab9346b7688944d2f5f
SHA256:f9869df4ad60ed2a8a51c05d313d07d9152ec3f9811b65765e445ff10a04869c

Identifiers

Microsoft.VisualStudio.TestPlatform.TestFramework.dll

Description:

MSTest.Core

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Microsoft.VisualStudio.TestPlatform.TestFramework.dll
MD5: 53765f54dddb420f56bc359741f2bb27
SHA1: 68fc3add8c5913b6c3b5f8174ad6216c4ec7ab91
SHA256:543ebd29a2cebba43b84b32e7c9403fd0dea13cc324c92b8b9b5f3ad987984d4

Identifiers

Microsoft.VisualStudio.TestPlatform.TestFramework.dll

Description:

MSTest.Core

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\netcoreapp3.1\Microsoft.VisualStudio.TestPlatform.TestFramework.dll
MD5: 28832f1c14c7956d7e9cf384fb708733
SHA1: 9d1a06d157634e2b7f60ab7ca10c67260c720b31
SHA256:f3d74b362314092cc918338ec5f3e561dd74b29ba4eb46a2921ba0d3c9753709

Identifiers

Moq.dll

Description:

Moq

File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\Moq.dll
MD5: 17232c32d99ba292d4ba2a596dbca5f1
SHA1: 4c5f8b2c6a2f8eba75baddc484fbef7fe197b4df
SHA256:f7f162572905875a235f565701c8cd23ad540d598f1aeade6d4eb1b93617a71d

Identifiers

MySqlConnector.dll

Description:

MySqlConnector

A truly async MySQL ADO.NET provider, supporting MySQL Server, MariaDB, Percona Server, Amazon Aurora, Azure Database for MySQL and more.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\MySqlConnector.dll
MD5: 19353dd202c1b45717d219cc3f8d14d0
SHA1: 88efc3f5e1c11a2ce724357f8aaa60f0bcca49cc
SHA256:03186b4706c83df746179c56d9492dd06557af10c57f809f792d54da46e2b8b6

Identifiers

  • pkg:generic/MySqlConnector@2.1.2  (Confidence:Medium)
  • cpe:2.3:a:mysql:mysql:2.1.2:*:*:*:*:*:*:*  (Confidence:Low)  
  • cpe:2.3:a:www-sql_project:www-sql:2.1.2:*:*:*:*:*:*:*  (Confidence:Low)  

CVE-2017-15945  

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2009-4028  

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1621  

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2015-2575

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2007-5925

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2009-0819

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1626

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
CWE-264 Permissions, Privileges, and Access Controls, CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2007-1420

MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
NVD-CWE-Other

CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

MySqlConnector.dll

Description:

MySqlConnector

A truly async MySQL ADO.NET provider, supporting MySQL Server, MariaDB, Percona Server, Amazon Aurora, Azure Database for MySQL and more.

File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\MySqlConnector.dll
MD5: d35a4229f53b3cc16391c273690dc23f
SHA1: 48c01c3606d2cd41dffdece5052c98388167f309
SHA256:829e3029f1ad57cf17b31dabf2c552cba2f0b09f4751dcb7e626dd44692a206f

Identifiers

  • pkg:generic/MySqlConnector@0.61.0  (Confidence:Medium)
  • cpe:2.3:a:mysql:mysql:0.61.0:*:*:*:*:*:*:*  (Confidence:Low)
  • cpe:2.3:a:www-sql_project:www-sql:0.61.0:*:*:*:*:*:*:*  (Confidence:Low)

CVE-2017-15945

The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Vulnerable Software & Versions:

CVE-2009-4028

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1621

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2007-2691

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2015-2575

Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (4.9)
  • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2007-5925

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2009-0819

sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
CWE-399 Resource Management Errors

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-3682

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2010-1626

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
CWE-264 Permissions, Privileges, and Access Controls, CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:P

References:

Vulnerable Software & Versions:

          CVE-2007-1420  

          MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: LOW (2.1)
          • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          Newtonsoft.Json.Bson.dll

          Description:

          Json.NET BSON .NET Standard 2.0
          
          Json.NET BSON adds support for reading and writing BSON

          File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Newtonsoft.Json.Bson.dll
          MD5: 46944e52dbb2982ea49a297902b91ea8
          SHA1: 0ed43a73f49e0df7b2fa681a627cad7e25074165
          SHA256: f3c56166d7f90296bbe6b03f64335623c3165ed25948288f1f316fa74dd8327f

          Identifiers

          CVE-2024-21907  

          Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
          
          CWE-755 Improper Handling of Exceptional Conditions

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          Newtonsoft.Json.dll

          Description:

          Json.NET .NET Standard 2.0
          
          Json.NET is a popular high-performance JSON framework for .NET

          File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Newtonsoft.Json.dll
          MD5: 916d32b899f1bc23b209648d007b99fd
          SHA1: e3673d05d46f29e68241d4536bddf18cdd0a913d
          SHA256: 72cf291d4bab0edd08a9b07c6173e1e7ad1abb7ab727fd7044bf6305d7515661

          Identifiers

          Newtonsoft.Json.dll

          Description:

          Json.NET .NET Standard 2.0
          
          Json.NET is a popular high-performance JSON framework for .NET

          File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Newtonsoft.Json.dll
          MD5: 9454ae6eb0c6ad77e93a95074ba29266
          SHA1: df83fcb3639596ad42d5be8314ef9d672079198b
          SHA256: 99177a4cbe03625768d64a3d73392310372888f74c3eb271cf775e93057a38e6

          Identifiers

          CVE-2024-21907  

          Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
          
          CWE-755 Improper Handling of Exceptional Conditions

          CVSSv3:
          • Base Score: HIGH (7.5)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          Pomelo.EntityFrameworkCore.MySql.dll

          Description:

          Pomelo.EntityFrameworkCore.MySql
          
          Pomelo's MySQL database provider for Entity Framework Core.

          File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Pomelo.EntityFrameworkCore.MySql.dll
          MD5: ee4be55be7d811e11a08aa9270485aee
          SHA1: 464e2c280ff37c3e75fc5745cab976b497a28821
          SHA256: 3f7ff884fcbf3ba36953ccb53f1f345548d904b46dd44c73590dafe436624c13

          Identifiers

          Pomelo.EntityFrameworkCore.MySql.dll

          Description:

          Pomelo.EntityFrameworkCore.MySql
          
          MySQL provider for Entity Framework Core

          File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Pomelo.EntityFrameworkCore.MySql.dll
          MD5: 300c7752647675d08bb1a30c308429c4
          SHA1: c9d8a8e4a24f190d05be1f865991c1d6c2f1fb24
          SHA256: 3431890b801d0837424bc56d287a0e8edac94d8d1788643674aeec59c964776f

          Identifiers

          CVE-2017-15945  

          The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.
          CWE-732 Incorrect Permission Assignment for Critical Resource

          CVSSv3:
          • Base Score: HIGH (7.8)
          • Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
          CVSSv2:
          • Base Score: HIGH (7.2)
          • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C

          References:

          Vulnerable Software & Versions:

          CVE-2009-4028  

          The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
          CWE-20 Improper Input Validation

          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2010-1621  

          The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

          References:

            Vulnerable Software & Versions:

            CVE-2007-2691  

            MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
            NVD-CWE-Other

            CVSSv2:
            • Base Score: MEDIUM (4.9)
            • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:P

            References:

            Vulnerable Software & Versions:

            CVE-2015-2575  

            Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
            NVD-CWE-noinfo

            CVSSv2:
            • Base Score: MEDIUM (4.9)
            • Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2007-5925  

            The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
            CWE-20 Improper Input Validation

            CVSSv2:
            • Base Score: MEDIUM (4.0)
            • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

            References:

              Vulnerable Software & Versions:

              CVE-2009-0819  

              sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: MEDIUM (4.0)
              • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2010-3677  

              Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
              CWE-399 Resource Management Errors

              CVSSv2:
              • Base Score: MEDIUM (4.0)
              • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2010-3682  

              Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: MEDIUM (4.0)
              • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2010-1626  

              MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
              CWE-264 Permissions, Privileges, and Access Controls, CWE-59 Improper Link Resolution Before File Access ('Link Following')

              CVSSv2:
              • Base Score: LOW (3.6)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2007-1420  

              MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              Pomelo.JsonObject.dll

              Description:

              Pomelo.JsonObject
              
              MySQL provider for Entity Framework Core

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\Pomelo.JsonObject.dll
              MD5: 8521d57f53beedc27cf8a96af007d154
              SHA1: fe8942ef55184b08a50a0d7b567302abe4932563
              SHA256: e4ad979e396b807bfb2c8c03fc68e14f995a34a40bc3458150162da7ff4f6d9a

              Identifiers

              RatePlanSwagger.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\FeeConfiguration\RatePlanSwagger.js
              MD5: 99440b9867320f63492c2706e68ebc31
              SHA1: 808c5744ec6022f635e2123244459b524a9938b3
              SHA256: e0b7f2708d95890e54bc5a9b4338b04103ac5688cf163f47c5aa478aa3b8a689

              Identifiers

              • None

              ReportSwagger.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\Reports\ReportSwagger.js
              MD5: 477f7fd3dc923e2d980551673e489438
              SHA1: 97b93f0d2e8552d85048853e5fc82227da7f963b
              SHA256: 0d3d67009c3e65fd8ba1f4f155626a53439e852509ab10916cfe249493e5cb11

              Identifiers

              • None

              SQLitePCLRaw.core.dll

              Description:

              SQLitePCLRaw.core
              
              SQLitePCLRaw is a Portable Class Library (PCL) for low-level (raw) access to SQLite

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\SQLitePCLRaw.core.dll
              MD5: 358bf09045a59a1b85acd9bc0a592904
              SHA1: 53cf59d7b192f570d528b4d5c72dfa7ac25e1d7b
              SHA256: 6be5d612830990f4185dea66b4baabe191d641a3a97e081a2f62fbadf2af5b0f

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              References:

              Vulnerable Software & Versions:

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              SQLitePCLRaw.core.dll

              Description:

              SQLitePCLRaw.core
              
              SQLitePCLRaw is a Portable Class Library (PCL) for low-level (raw) access to SQLite

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\SQLitePCLRaw.core.dll
              MD5: 5c5ba7fd02dae10aa4c846a2536dfba3
              SHA1: 59dcf1e050a44d9d5873713896354aa29eecd618
              SHA256: e917e58ed1d53424b23b3091a8be8c17f3627190eea38448eb88bbc80147365f

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              SQLitePCLRaw.provider.e_sqlite3.dll

              Description:

              SQLitePCLRaw.provider.e_sqlite3
              
              SQLitePCLRaw is a Portable Class Library (PCL) for low-level (raw) access to SQLite

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\SQLitePCLRaw.provider.e_sqlite3.dll
              MD5: 15aa5f7d13d358d33d67cafdd13dc768
              SHA1: a071a6c2b291969ae0d182172593bba2b9b0ac84
              SHA256: 563a17c67cab6f660779a76c9f960afe444062560d82fe638d15113566eea4a8

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              SwaggerController.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\controller\SwaggerController.js
              MD5: 2a8a0526aad6315710f8809f6fab3356
              SHA1: b8b30f37a65dbbf13727a65d760f37087b39ec16
              SHA256: bd15e7c23951bf6c9401e6dd980f0548493c31d94ef4ec8aa1d1005fe6a084ae

              Identifiers

              • None

              Swashbuckle.AspNetCore.Examples.dll

              Description:

              Swashbuckle.AspNetCore.Examples
              
              Adds the SwaggerRequestExample and SwaggerResponseExample attribute for Swashbuckle. This will populate the example property of a schema object in the output swagger.

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.Examples.dll
              MD5: e8e4af0942a93e9e14a41db9da877386
              SHA1: cf0e97d388fb10d4c3bd3e38272231e725917af7
              SHA256: e49c970927f55ca30d51ef02a72a8018d636d01dee49da8c1a6cb9e151772b0b

              Identifiers

              Swashbuckle.AspNetCore.Swagger.dll

              Description:

              Swashbuckle.AspNetCore.Swagger
              
              Middleware to expose Swagger JSON endpoints from API's built on ASP.NET Core

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.Swagger.dll
              MD5: 1561a8168854d0d464856cd980acc455
              SHA1: 26e98626430375d7c4842be8d0a25e8d7026c5b0
              SHA256: c797237da5e07d88a1576d5edbcd2e775e0b5f506d464e2d3b40e5985593c564

              Identifiers

              Swashbuckle.AspNetCore.SwaggerGen.dll

              Description:

              Swashbuckle.AspNetCore.SwaggerGen
              
              Swagger Generator for API's built on ASP.NET Core

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\Swashbuckle.AspNetCore.SwaggerGen.dll
              MD5: 5b00e76687a228a01f7432e8b49a3cc4
              SHA1: 5c4f85708881a9ca9de58af46768bfec55b30a97
              SHA256: 210ead724c458892b0ab805107e5cb2b44c74d169e89f56e851a71b6e4182747

              Identifiers

              System.IO.Pipelines.dll

              Description:

              System.IO.Pipelines
              
              System.IO.Pipelines

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\System.IO.Pipelines.dll
              MD5: b677597c3e60d9775b3d345fd8d3f2dd
              SHA1: f89176827ec551949ec0f0c2151a098d480c5f6d
              SHA256: 1870b40acfca6035ae3ecef0a4ab2303b2a29c20ccb3349b108218ff258a5deb

              Identifiers

              System.IdentityModel.Tokens.Jwt.dll

              Description:

              System.IdentityModel.Tokens.Jwt
              
              Includes types that provide support for creating, serializing and validating JSON Web Tokens.

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\System.IdentityModel.Tokens.Jwt.dll
              MD5: 3c89b35b18256f771801c82e4bfec460
              SHA1: 24adfbaa929a993068d84a9c1108244f3d9ecae0
              SHA256: 64cf8766113d97330c428285ebfb583cb75510b9d546d857988f0495a4e2c771

              Identifiers

              • pkg:generic/System.IdentityModel.Tokens.Jwt@5.5.0.60624  (Confidence:Medium)
              • cpe:2.3:a:identitymodel_project:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
              • cpe:2.3:a:microsoft:identity_model:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  
              • cpe:2.3:a:microsoft:identitymodel:5.5.0.60624:*:*:*:*:*:*:*  (Confidence:Low)  

              CVE-2024-21319  

              Microsoft Identity Denial of service vulnerability
              CWE-20 Improper Input Validation, NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (6.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

              System.IdentityModel.Tokens.Jwt.dll

              Description:

              System.IdentityModel.Tokens.Jwt
              
              Includes types that provide support for creating, serializing and validating JSON Web Tokens.

              File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\System.IdentityModel.Tokens.Jwt.dll
              MD5: 45adaeb063a682f0e0f17a9a7999c3fb
              SHA1: acb58f45a6332ffc45834dbd86c7a72d26015bb0
              SHA256: c9528d9e23930da265887edd77e8834346ced811127666e26a428620d93b04de

              Identifiers

              • pkg:generic/System.IdentityModel.Tokens.Jwt@5.2.4.50619  (Confidence:Medium)
              • cpe:2.3:a:identitymodel_project:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
              • cpe:2.3:a:microsoft:identity_model:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  
              • cpe:2.3:a:microsoft:identitymodel:5.2.4.50619:*:*:*:*:*:*:*  (Confidence:Low)  

              CVE-2024-21319  

              Microsoft Identity Denial of service vulnerability
              CWE-20 Improper Input Validation, NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (6.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:2.3/RC:R/MAV:A

              System.Net.Http.Formatting.dll

              Description:

              System.Net.Http.Formatting

              File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\System.Net.Http.Formatting.dll
              MD5: 02e47079a1b45f4fd8142752c91970e3
              SHA1: e8016192d0a6738cd075f837109845376b270f14
              SHA256:ef32858203f7263aa5767bae4e94567fa1b3cdede214ba87603009c1c17b264f

              Identifiers

              System.Text.Json.dll

              Description:

              System.Text.Json
              
              System.Text.Json

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\System.Text.Json.dll
              MD5: 2d63478870c507daef527440b4d53b7a
              SHA1: 8a7100aaaa676e940e0f27bf80183120ad0e9f01
              SHA256:adb8483df47b69ba5d0e34722393a7f91abcf8dd5b38fb939578ec426ac39075

              Identifiers

              System.Xml.XPath.XmlDocument.dll

              Description:

              System.Xml.XPath.XmlDocument
              
              System.Xml.XPath.XmlDocument

              File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\System.Xml.XPath.XmlDocument.dll
              MD5: 176e9b8e9b622a51e5b3db8d0fac6eea
              SHA1: 5354245e852fdc31019f6496c1b7cae056b471ff
              SHA256:f95c1bd1cf19ef02b788a3473ccc64716d26504d98831ddcb240f1d913a3eef3

              Identifiers

              TaxSwagger.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\FeeConfiguration\TaxSwagger.js
              MD5: 0de3eee4324fe4a55cb9e3cb35dc1764
              SHA1: 97ad633ed8663f3c18e27e877e19e2c2fcfd71b6
              SHA256:421e2dc73bcb94a14150642e9273349305d3f53ffb999e0d4bf9ad8485c1cdc2

              Identifiers

              • None

              TransactionBillingHandler.Tests.csproj

              File Path: D:\Auropayrepos\Billing\test\TransactionBillingHandler.Tests\TransactionBillingHandler.Tests.csproj
              MD5: d6091c49d25bbaf1515d854bbe067e59
              SHA1: 926549ce278cb2a2d307ef2833907700e34d45d7
              SHA256:c9f9124e08030fecfdedf323b16546528635fa34dde2e15b45ae1540a8ed31de

              Identifiers

              • None

              TransactionBillingHandler.csproj

              File Path: D:\Auropayrepos\Billing\src\TransactionBillingHandler\TransactionBillingHandler.csproj
              MD5: ba29dc4999b80f6ea4fc0a4bc81b9dd9
              SHA1: 4a263bcd4289b8623a33e56fa6fe6701354274c6
              SHA256:1626824de5603b40f4c8ae5ade710485afe23ee8059b95cc1cbf86dba6f658ae

              Identifiers

              • None

              TransactionBillingHandler.dll

              Description:

              TransactionBillingHandler

              File Path: D:\Auropayrepos\Billing\src\TransactionBillingHandler\bin\Debug\net6.0\TransactionBillingHandler.dll
              MD5: fe89da730a54dbc33f724b085b5c1e16
              SHA1: 1604380fb73076774d43c3cd9cf4d864de8856ca
              SHA256:8cdccfd5baa7dca77f44576d33beeca536b3dcd52e5bd25df8e89d3d74ea1368

              Identifiers

              async:3.2.0

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?async

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2021-43138 (OSSINDEX)  

              In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-43138 for details
              CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

              CVSSv3:
              • Base Score: HIGH (7.8)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:async:3.2.0:*:*:*:*:*:*:*

              GHSA-fwr7-v2mv-hh25 (NPM)  

              A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the `mapValues()` method.
              CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

              CVSSv3:
              • Base Score: HIGH (7.8)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
              Unscored:
              • Severity: high

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:async:\>\=3.0.0\<3.2.2:*:*:*:*:*:*:*

              CVE-2024-39249 (OSSINDEX)  

              Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there is no realistic threat model: regular expressions are not used with untrusted input.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-39249 for details
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv2:
              • Base Score: MEDIUM (6.3)
              • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:async:3.2.0:*:*:*:*:*:*:*

              axios:0.21.1

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?axios

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2021-3749 (OSSINDEX)  

              axios is vulnerable to Inefficient Regular Expression Complexity
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:axios:0.21.1:*:*:*:*:*:*:*

              GHSA-cph5-m8f7-6c5x (NPM)  

              axios before v0.21.2 is vulnerable to Inefficient Regular Expression Complexity.
              CWE-400 Uncontrolled Resource Consumption, CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
              Unscored:
              • Severity: high

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:axios:\<0.21.2:*:*:*:*:*:*:*

              CVE-2023-45857 (OSSINDEX)  

              An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
              CWE-352 Cross-Site Request Forgery (CSRF)

              CVSSv3:
              • Base Score: MEDIUM (6.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:axios:0.21.1:*:*:*:*:*:*:*

              GHSA-wf5p-g6vw-rhxx (NPM)  

              An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
              CWE-352 Cross-Site Request Forgery (CSRF)

              CVSSv3:
              • Base Score: MEDIUM (6.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:axios:\>\=0.8.1\<0.28.0:*:*:*:*:*:*:*

              billingUtility.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\definitions\BillingUtility\billingUtility.js
              MD5: 11432ea6c0ebe435c7171c8ca70c9448
              SHA1: cfbe56e3211920feb26cb24165871a0176ba1efa
              SHA256:c86aff6450853a81d4dbf96f6934906450c8acae2254277669589c600818ed8a

              Identifiers

              • None

              core3.1.API.dll

              Description:

              core3.1.API

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\core3.1.API.dll
              MD5: b009183b2e3c13523312f04bd6dfe661
              SHA1: 8060c8f5c630cc401dda553add58311cc96e97bc
              SHA256:e49fe64c658649ccae8ddb2370f26398cc56340f9ba65a9abd84634b43bc0509

              Identifiers

              core3.1.AWS.dll

              Description:

              core3.1.AWS

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\core3.1.AWS.dll
              MD5: 5a62d92434e236a7b31934771602e51f
              SHA1: 45b11fddc5a97e08ba71acc8fabc2151da4fee68
              SHA256:79bf9d02fca767a1e3afdd521aa6d95e153046e63c1ee02fce2974f2ff4e5c6f

              Identifiers

              core3.1.api.dll

              Description:

              core3.1.api

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\core3.1.api.dll
              MD5: fbf39c4a4df7fc493a01034170edf849
              SHA1: ad7cbd474587e55c313aa54f2cb7d254e77783c3
              SHA256:04ef122a557541705a24beaaf8b22ca018acb01a989d5bac21a340b7e8470720

              Identifiers

              core3.1.aws.dll

              Description:

              core3.1.aws

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\core3.1.aws.dll
              MD5: 3c0c3fa76810f32f412dde3e45fd7e1f
              SHA1: e083763287a1965426d9fb3f0d6822a76a9ed4f5
              SHA256:438003ced71775aee65617faf6c425b704b26e4712283bf7038abf58b6604078

              Identifiers

              core3.1.dll

              Description:

              core3.1

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\net6.0\core3.1.dll
              MD5: 82fa5d78308c8b00fb74276048e6386a
              SHA1: 57e57ebb6b6dd0c62827d869e5d61ab981b622d6
              SHA256:fb3b161b7c5da0e7ee602b400371964a0e5e11855bd0bbc11387e4cc1915918f

              Identifiers

              core3.1.dll

              Description:

              core3.1

              File Path: D:\Auropayrepos\Billing\src\Billing.API\bin\Debug\netcoreapp3.1\core3.1.dll
              MD5: 15b1b608d3ea26eea2b78993cdff2a73
              SHA1: 45baa91a14d86d5d1c8972003d4c0a4f28cedb06
              SHA256:f9c9d9dd28d0d05c3da059cc3df2a2002f2e72bdecdcc91769eb75621c90de9b

              Identifiers

              core3.1.dll

              Description:

              core3.1

              File Path: D:\Auropayrepos\Billing\test\BillingKeyRotationExecutor.Tests\bin\Debug\net6.0\core3.1.dll
              MD5: adf76eabc0cbb7253f0b0300da50ddfe
              SHA1: 10bcca71648dae26f3d9930215c55ec84d35dc73
              SHA256:fecaef540c399b8446ffaf7f244ccfef7c6c5c19cd4836f4365f936c0fa81cd2

              Identifiers

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\runtimes\win-arm64\native\e_sqlite3.dll
              MD5: 87776aa83dd0b7c7c0d107086019e23c
              SHA1: d23e9a5e7faf8ab63304650ee427536c814cbbdf
              SHA256:7be069b83dbd374867b6e4384b359e108e91518f7a74553ddd31b053921ab42b

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\runtimes\win-arm\native\e_sqlite3.dll
              MD5: 5dd768fd40b38f44e16e898b52ab6635
              SHA1: 987c6c9dfee3ad5a983298cb2c01372870610e62
              SHA256:618ae75967acf2053fde3c74b2d96c4e6c097675c3a725ebc5605521df296fbc

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              References:

              Vulnerable Software & Versions:

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\runtimes\win-x64\native\e_sqlite3.dll
              MD5: 6ea08a0e0affdeab1889e153402b97e2
              SHA1: 8e05d4e52f42b34c485f1c8ac7ce8b0304053f7f
              SHA256: 29029877dce20e985487b1805733d72e0962e6a5cb72796b52a52628aed085d5

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              References:

              Vulnerable Software & Versions:

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\net6.0\runtimes\win-x86\native\e_sqlite3.dll
              MD5: 03a62e86903e0c125a4f190be476c674
              SHA1: 9f8ee1eefd87584649447f4fcb1699098e2d6496
              SHA256: d2e0558e63ac31bd4ed01e4db7107812808b17c0223455c00482f631c0b43339

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              References:

              Vulnerable Software & Versions:

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\runtimes\win-arm64\native\e_sqlite3.dll
              MD5: 77ba05d605f20bceb5b7c5bb131c8012
              SHA1: 006d2c25e009e8b415b5180c830498766c06efc5
              SHA256: 6a10b95be2d9cad0690b5bfdab24394b96111e3b18eaaf43ef731df506ca80a7

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              References:

              Vulnerable Software & Versions:

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\runtimes\win-arm\native\e_sqlite3.dll
              MD5: 6844e4b40c797e392e1dddcfae0b8dd4
              SHA1: 6ef8d80e7e3988b0a2a9f750c6b690b5c591516e
              SHA256: b15ef8bf60d419066146c6d4686d98073b462ee32b7353a48af5853543ac5ae1

              Identifiers

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              References:

              Vulnerable Software & Versions:

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\runtimes\win-x64\native\e_sqlite3.dll
              MD5: 0b495ce20254620ebcb3fefdefb7ad70
              SHA1: 67dad6f7f6ace235b4e77f32b102efa715c5b285
              SHA256: 3b73661441e0a7a439d5b2a1190d2c9bb326e54bcdb180aad9f0366bdbd47e07

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              e_sqlite3.dll

              File Path: D:\Auropayrepos\Billing\test\Billing.Test\bin\Debug\netcoreapp3.1\runtimes\win-x86\native\e_sqlite3.dll
              MD5: 1aa2fb5e420379a7a50cd650232c6a08
              SHA1: e9bb12599f60032a160a00a04203bd73680940cd
              SHA256: 9877f703ce3fb9669d656d24726159b616b2df25522225bf41bfafe89954c58a

              CVE-2017-10989  

              The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
              CWE-125 Out-of-bounds Read

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19646  

              pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
              CWE-754 Improper Check for Unusual or Exceptional Conditions

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2020-11656  

              In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: CRITICAL (9.8)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-5895  

              Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
              NVD-CWE-noinfo

              CVSSv2:
              • Base Score: HIGH (10.0)
              • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

              CVE-2018-20346  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2018-20506  

              SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-3414  

              SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE"""""""" at the end of a SELECT statement.
              CWE-908 Use of Uninitialized Resource

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3415  

              The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.
              CWE-404 Improper Resource Shutdown or Release

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3416  

              The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.
              CWE-190 Integer Overflow or Wraparound

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2015-3717  

              Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
              CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              CVE-2018-20505  

              SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
              CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2018-8740  

              In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-11655  

              SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
              CWE-665 Improper Initialization

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              CVE-2022-35737  

              SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.
              CWE-129 Improper Validation of Array Index

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

              CVE-2023-7104  

              A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.
              CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-122 Heap-based Buffer Overflow

              CVSSv3:
              • Base Score: HIGH (7.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:3.9/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (5.2)
              • Vector: /AV:A/AC:L/Au:S/C:P/I:P/A:P

              CVE-2020-13630  

              ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.
              CWE-416 Use After Free

              CVSSv3:
              • Base Score: HIGH (7.0)
              • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.4)
              • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

              CVE-2015-6607  

              SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
              CWE-264 Permissions, Privileges, and Access Controls

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              CVE-2016-6153  

              os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:2.5/RC:R/MAV:A
              CVSSv2:
              • Base Score: MEDIUM (4.6)
              • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

              CVE-2019-19645  

              alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
              CWE-674 Uncontrolled Recursion

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13434  

              SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
              CWE-190 Integer Overflow or Wraparound

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13435  

              SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-13631  

              SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
              NVD-CWE-noinfo

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:P/A:N

              CVE-2020-13632  

              ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.
              CWE-476 NULL Pointer Dereference

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              CVE-2020-15358  

              In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
              CWE-787 Out-of-bounds Write

              CVSSv3:
              • Base Score: MEDIUM (5.5)
              • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A
              CVSSv2:
              • Base Score: LOW (2.1)
              • Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

              follow-redirects:1.14.0

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?follow-redirects

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              GHSA-74fj-2j2h-c42q (NPM)  

              follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
              CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

              CVSSv3:
              • Base Score: HIGH (8.0)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
              Unscored:
              • Severity: high

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:follow-redirects:\<1.14.7:*:*:*:*:*:*:*

              CVE-2022-0155 (OSSINDEX)  

              follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
              CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

              CVSSv3:
              • Base Score: MEDIUM (6.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:follow-redirects:1.14.0:*:*:*:*:*:*:*

              CVE-2024-28849 (OSSINDEX)  

              follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions, follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials too. This vulnerability may lead to a credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-28849 for details
              CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

              CVSSv3:
              • Base Score: MEDIUM (6.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:follow-redirects:1.14.0:*:*:*:*:*:*:*

              GHSA-cxjh-pqwp-8mfp (NPM)  

              When using [axios](https://github.com/axios/axios), its dependency follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.
              
              ## Steps To Reproduce & PoC
              
              Test code:
              
              ```js
              const axios = require('axios');

              axios.get('http://127.0.0.1:10081/', {
                headers: {
                  'AuThorization': 'Rear Test',
                  'ProXy-AuthoriZation': 'Rear Test',
                  'coOkie': 't=1'
                }
              })
                .then((response) => {
                  console.log(response);
                });
              ```
              
              When I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.
              
              ## Impact
              
              This vulnerability may lead to credentials leak.
              
              ## Recommendations
              
              Remove proxy-authentication header during cross-domain redirect
              
              ### Recommended Patch
              
              [follow-redirects/index.js:464](https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b)
              
              ```diff
              - removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
              + removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);
              ```
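
              Review bot: the `+` line matches the header name `proxy-authorization`, but the text around this patch calls it "proxy-authentication"; the PoC above sends `ProXy-AuthoriZation`, so the pattern targets the right header and the description should use the same name. The pattern is an anchored, case-insensitive list of exact names, so a regression test that sends a mixed-case `Proxy-Authorization` header across a cross-domain redirect, as the PoC does, would pin this behaviour.
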
              CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

              CVSSv3:
              • Base Score: MEDIUM (6.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:follow-redirects:\<\=1.15.5:*:*:*:*:*:*:*

              CVE-2023-26159 (OSSINDEX)  

              Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
              CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (6.1)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:follow-redirects:1.14.0:*:*:*:*:*:*:*

              GHSA-jchw-25xp-jwwc (NPM)  

              Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
              CWE-601 URL Redirection to Untrusted Site ('Open Redirect'), CWE-20 Improper Input Validation

              CVSSv3:
              • Base Score: MEDIUM (6.1)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:follow-redirects:\<1.15.4:*:*:*:*:*:*:*

              CVE-2022-0536 (OSSINDEX)  

              Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.
              
              
              CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:follow-redirects:1.14.0:*:*:*:*:*:*:*

              GHSA-pw2r-vq6v-hr8c (NPM)  

              Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
              CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer

              CVSSv3:
              • Base Score: MEDIUM (5.9)
              • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:follow-redirects:\<1.14.8:*:*:*:*:*:*:*

              index.js

              File Path: D:\Auropayrepos\Billing\src\MerchantHandlerNode\index.js
              MD5: 5b9a49c710cdc58c0ed784475ec3f743
              SHA1: 8fa51294c75c82776d7630247db24a88e6133730
              SHA256:9bedf0576031e343d548869528468a7fae4e147b1f11ba61272625880467bacb

              Identifiers

              • None

              index.js

              File Path: D:\Auropayrepos\Billing\src\ResellerHandlerNode\index.js
              MD5: 548fa5e24121a07702549f2371419fd2
              SHA1: 4db9080128be2c08eb7c2e147adfa2f0718dc15d
              SHA256:62f50326573019bae46584ba11f30f9fea30e20a197c704bc621ca2f9d717543

              Identifiers

              • None

              jsonwebtoken:8.5.1

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?jsonwebtoken

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2022-23539 (OSSINDEX)  

              Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option  to `true` in the `sign()` and/or `verify()` functions.
              CWE-327 Use of a Broken or Risky Cryptographic Algorithm

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:jsonwebtoken:8.5.1:*:*:*:*:*:*:*

              GHSA-8cf7-32gw-wr33 (NPM)  

              # Overview
              
              Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. 
              
              # Am I affected?
              
              You are affected if you are using an algorithm and a key type other than the combinations mentioned below
              
              | Key type | Algorithm                                |
              |----------|------------------------------------------|
              | ec       | ES256, ES384, ES512                      |
              | rsa      | RS256, RS384, RS512, PS256, PS384, PS512 |
              | rsa-pss  | PS256, PS384, PS512                      |
              
              And for Elliptic Curve algorithms:
              
              | `alg` | Curve      |
              |-------|------------|
              | ES256 | prime256v1 |
              | ES384 | secp384r1  |
              | ES512 | secp521r1  |
              
              # How do I fix it?
              
              Update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and/or `verify()` functions.
              
              # Will the fix impact my users?
              
              There will be no impact if you update to version 9.0.0 and you already use a valid secure combination of key type and algorithm. Otherwise, set the `allowInvalidAsymmetricKeyTypes` option to `true` in the `sign()` and `verify()` functions to continue using invalid key type/algorithm combinations in 9.0.0 for legacy compatibility.
              
              
              CWE-327 Use of a Broken or Risky Cryptographic Algorithm

              CVSSv3:
              • Base Score: HIGH (8.1)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
              Unscored:
              • Severity: high

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:jsonwebtoken:\<\=8.5.1:*:*:*:*:*:*:*

              CVE-2022-23540 (OSSINDEX)  

              In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.
              CWE-287 Improper Authentication

              CVSSv3:
              • Base Score: HIGH (7.6)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:jsonwebtoken:8.5.1:*:*:*:*:*:*:*

              GHSA-qwph-4952-7xr6 (NPM)  

              # Overview
              
              In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification.
              
              # Am I affected?
              You will be affected if all the following are true in the `jwt.verify()` function:
              - a token with no signature is received
              - no algorithms are specified 
              - a falsy (e.g. null, false, undefined) secret or key is passed 
              
              # How do I fix it?
               
              Update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. 
              
              # Will the fix impact my users?
              
              There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.
              CWE-347 Improper Verification of Cryptographic Signature, CWE-327 Use of a Broken or Risky Cryptographic Algorithm, CWE-287 Improper Authentication

              CVSSv3:
              • Base Score: MEDIUM (6.4)
              • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:jsonwebtoken:\<9.0.0:*:*:*:*:*:*:*

              CVE-2022-23541 (OSSINDEX)  

              jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. You are affected if your application supports usage of both symmetric and asymmetric keys in its jwt.verify() implementation with the same key retrieval function. This issue has been patched; please update to version 9.0.0.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-23541 for details
              CWE-1259 Improper Restriction of Security Token Assignment

              CVSSv3:
              • Base Score: MEDIUM (6.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:jsonwebtoken:8.5.1:*:*:*:*:*:*:*

              GHSA-hjrf-2m68-5959 (NPM)  

              # Overview
              
              Versions `<=8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the `secretOrPublicKey` argument from the [readme link](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification  than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. 
              
              # Am I affected?
              
              You will be affected if your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. 
              
              # How do I fix it?
               
              Update to version 9.0.0.
              
              # Will the fix impact my users?
              
              There is no impact for end users
              CWE-287 Improper Authentication, CWE-1259 Improper Restriction of Security Token Assignment

              CVSSv3:
              • Base Score: MEDIUM (5.0)
              • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:jsonwebtoken:\<\=8.5.1:*:*:*:*:*:*:*

              merchantHandler.js

              File Path: D:\Auropayrepos\Billing\src\MerchantHandlerNode\merchantHandler.js
              MD5: 74ed297062ddfda4866c64b7ec9f9a35
              SHA1: 7297d79c4e9b2e4e7fde9cb1e2ab7fe0ec911afd
              SHA256:efda2574fd1c6539886874b4f3d50543694434540fdcf3cf032fbfd060ccaf00

              Identifiers

              • None

              merchantRepository.js

              File Path: D:\Auropayrepos\Billing\src\MerchantHandlerNode\merchantRepository.js
              MD5: a16b52f20f3f75b2f252960ea7896cef
              SHA1: 29ff7f13a4b75178c099f4df954b9ca7d202e3a9
              SHA256:e12c2362cd3993e73d93c21e4d46219a36e85ce201a07fe3c9103533d252708a

              Identifiers

              • None

              minimatch:3.0.4

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?minimatch

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              GHSA-f8q6-p94x-37v3 (NPM)  

              A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
              CWE-400 Uncontrolled Resource Consumption, CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
              Unscored:
              • Severity: high

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:minimatch:\<3.0.5:*:*:*:*:*:*:*

              moment-timezone:0.5.33

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?moment-timezone

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              GHSA-v78c-4p63-2j6c (NPM)  

              ### Impact
              
              * if Alice uses `grunt data` (or `grunt release`) to prepare a custom-build, moment-timezone with the latest tzdata from IANA's website
              * and Mallory intercepts the request to IANA's unencrypted ftp server, Mallory can serve data which might exploit further stages of the moment-timezone tzdata pipeline, or potentially produce a tainted version of moment-timezone (practicality of such attacks is not proved)
              
              ### Patches
              Problem has been patched in version 0.5.35, patch should be applicable with minor modifications to all affected versions. The patch includes changing the FTP endpoint with an HTTPS endpoint.
              
              ### Workarounds
              Specify the exact version of tzdata (like `2014d`, full command being `grunt data:2014d`, then run the rest of the release tasks by hand), or just apply the patch before issuing the grunt command.
              
              CWE-319 Cleartext Transmission of Sensitive Information

              Unscored:
              • Severity: moderate

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:moment-timezone:\>\=0.1.0\<0.5.35:*:*:*:*:*:*:*

              GHSA-56x4-j7p9-fcf9 (NPM)  

              ### Impact
              
              All versions of moment-timezone from 0.1.0 contain build tasks vulnerable to command injection.
              
              * if Alice uses tzdata pipeline to package moment-timezone on her own (for example via `grunt data:2014d`, where `2014d` stands for the version of the tzdata to be used from IANA's website),
              * and Alice lets Mallory select the version (`2014d` in our example), then Mallory can execute arbitrary commands on the machine running the grunt task, with the same privilege as the grunt task
              
              #### Am I affected?
              
              ##### Do you build custom versions of moment-timezone with grunt?
              
              If no, you're not affected.
              
              ##### Do you allow a third party to specify which particular version you want to build?
              
              If yes, you're vulnerable to command injection -- third party may execute arbitrary commands on the system running grunt task with the same privileges as grunt task.
              
              ### Description
              
              #### Command Injection via grunt-zdownload.js and MITM on iana's ftp endpoint
              
              The `tasks/data-download.js` script takes in a parameter from grunt and uses it to form a command line which is then executed:
              
              ```
              6  module.exports = function (grunt) {
              7      grunt.registerTask('data-download', '1. Download data from iana.org/time-zones.', function (version) {
              8          version = version || 'latest';
              
              10          var done  = this.async(),
              11              src   = 'ftp://ftp.iana.org/tz/tzdata-latest.tar.gz',
              12              curl  = path.resolve('temp/curl', version, 'data.tar.gz'),
              13              dest  = path.resolve('temp/download', version);
              ...
              24          exec('curl ' + src + ' -o ' + curl + ' && cd ' + dest + ' && gzip -dc ' + curl + ' | tar -xf -', function (err) {
              ```
              
              Ordinarily, one would run this script using something like `grunt data-download:2014d`, in which case version would have the value `2014d`. However, if an attacker were to provide additional content on the command line, they would be able to execute arbitrary code:
              
              ```
              root@e94ba0490b65:/usr/src/app/moment-timezone# grunt 'data-download:2014d ; echo flag>/tmp/foo #'
              \Running "data-download:2014d ; echo flag>/tmp/foo #" (data-download) task
              >> Downloading https://data.iana.org/time-zones/releases/tzdata2014d ; echo flag>/tmp/foo #.tar.gz
              >> Downloaded https://data.iana.org/time-zones/releases/tzdata2014d ; echo flag>/tmp/foo #.tar.gz
              
              Done.
              root@e94ba0490b65:/usr/src/app/moment-timezone# cat /tmp/foo
              flag
              ```
              
              #### Command Injection via data-zdump.js
              
              The `tasks/data-zdump.js` script reads a list of files present in a temporary directory (created by previous tasks), and for each one, assembles and executes a command line without sanitization. As a result, an attacker able to influence the contents of that directory could gain code execution. This attack is exacerbated by timezone data being downloaded via cleartext FTP (described above), but beyond that, an attacker at iana.org able to modify the timezone files could disrupt any systems that build moment-timezone.
              
              ```
              15              files     = grunt.file.expand({ filter : 'isFile', cwd : 'temp/zic/' + version }, '**/*');
              ...
              27          function next () {
              ...
              33              var file = files.pop(),
              34                  src  = path.join(zicBase, file),
              35                  dest = path.join(zdumpBase, file);
              36              exec('zdump -v ' + src, { maxBuffer: 20*1024*1024 }, function (err, stdout) {
              ```
              
              In this case, an attacker able to add a file to `temp/zic/2014d` (for example) with a filename like `Z; curl www.example.com` would influence the call to exec on line 36 and run arbitrary code. There are a few minor challenges in exploiting this, since the string needs to be a valid filename.
              
              #### Command Injection via data-zic.js
              
              Similar to the vulnerability in /tasks/data-download.js, the /tasks/data-zic.js script takes a version from the command line and uses it as part of a command line, executed without sanitization.
              
              ```
              10          var done  = this.async(),
              11              dest  = path.resolve('temp/zic', version),
              ...
              22              var file = files.shift(),
              23                  src = path.resolve('temp/download', version, file);
              24
              25              exec('zic -d ' + dest + ' ' + src, function (err) {
              ```
              
              As a result, an attacker able to influence that string can run arbitrary commands. Of course, it requires an attacker able to influence the command passed to grunt, so may be unlikely in practice.
              
              ```
              root@e94ba0490b65:/usr/src/app/moment-timezone# grunt 'data-zic:2014d; echo hi > /tmp/evil; echo '
              Running "data-zic:2014d; echo hi > /tmp/evil; echo " (data-zic) task
              exec: zid -d /usr/src/app/moment-timezone/temp/zic/2014d; echo hi > /tmp/evil; echo  /usr/src/app/moment-timezone/temp/download/2014d; echo hi > /tmp/evil; echo /africa
              ...
              
              root@e94ba0490b65:/usr/src/app/moment-timezone# cat /tmp/evil
              hi
              ```
              
              ### Patches
              
              The supplied patch on top of 0.5.34 is applicable with minor tweaks to all affected versions. It switches `exec` to `execFile` so arbitrary bash fragments won't be executed any more.
              
              ### References
              
              * https://knowledge-base.secureflag.com/vulnerabilities/code_injection/os_command_injection_nodejs.html
              * https://auth0.com/blog/preventing-command-injection-attacks-in-node-js-apps/
              Unscored:
              • Severity: low

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:moment-timezone:\>\=0.1.0\<0.5.35:*:*:*:*:*:*:*

              moment:2.29.1

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?moment

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2022-24785 (OSSINDEX)  

              Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-24785 for details
              CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

              References:

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:moment:2.29.1:*:*:*:*:*:*:*

              CVE-2022-31129 (OSSINDEX)  

              moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. A noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

              References:

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:moment:2.29.1:*:*:*:*:*:*:*

              GHSA-8hfj-j24r-96c4 (NPM)  

              ### Impact
              This vulnerability impacts npm (server) users of moment.js, especially if a user-provided locale string, e.g. `fr`, is directly used to switch moment locale.
              
              ### Patches
              This problem is patched in 2.29.2, and the patch can be applied to all affected versions (from 1.0.1 up until 2.29.1, inclusive).
              
              ### Workarounds
              Sanitize user-provided locale name before passing it to moment.js.
              
              ### References
              _Are there any links users can visit to find out more?_
              
              ### For more information
              If you have any questions or comments about this advisory:
              * Open an issue in [moment repo](https://github.com/moment/moment)
              
              CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-27 Path Traversal: 'dir/../../filename'

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
              Unscored:
              • Severity: high

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:moment:\<2.29.2:*:*:*:*:*:*:*

              GHSA-wc69-rhjr-hc9g (NPM)  

              ### Impact
              
              * using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs
              * noticeable slowdown is observed with inputs above 10k characters
              * users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks
              
              ### Patches
              The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking.
              
              ### Workarounds
              In general, given the proliferation of ReDoS attacks, it makes sense to limit the length of the user input to something sane, like 200 characters or less. I haven't seen legitimate cases of date-time strings longer than that, so all moment users who do pass a user-originating string to constructor are encouraged to apply such a rudimentary filter, that would help with this but also most future ReDoS vulnerabilities.
              
              ### References
              There is an excellent writeup of the issue here: https://github.com/moment/moment/pull/6015#issuecomment-1152961973=
              
              ### Details
              The issue is rooted in the code that removes legacy comments (stuff inside parentheses) from strings during rfc2822 parsing. `moment("(".repeat(500000))` will take a few minutes to process, which is unacceptable.
              CWE-400 Uncontrolled Resource Consumption, CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
              Unscored:
              • Severity: high

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:moment:\>\=2.18.0\<2.29.4:*:*:*:*:*:*:*

              path-to-regexp:6.2.0

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?path-to-regexp

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2024-45296 (OSSINDEX)  

              path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv2:
              • Base Score: HIGH (8.7)
              • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

              References:

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:path-to-regexp:6.2.0:*:*:*:*:*:*:*

              GHSA-9wv6-86v2-598j (NPM)  

              ### Impact
              
              A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (`.`). For example, `/:a-:b`.
              
              ### Patches
              
              For users of 0.1, upgrade to `0.1.10`. All other users should upgrade to `8.0.0`.
              
              These versions add backtrack protection when a custom regex pattern is not provided:
              
              - [0.1.10](https://github.com/pillarjs/path-to-regexp/releases/tag/v0.1.10)
              - [1.9.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v1.9.0)
              - [3.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v3.3.0)
              - [6.3.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v6.3.0)
              
              They do not protect against vulnerable user supplied capture groups. Protecting against explicit user patterns is out of scope for old versions and not considered a vulnerability.
              
              Version [7.1.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v7.1.0) can enable `strict: true` and get an error when the regular expression might be bad.
              
              Version [8.0.0](https://github.com/pillarjs/path-to-regexp/releases/tag/v8.0.0) removes the features that can cause a ReDoS.
              
              ### Workarounds
              
              All versions can be patched by providing a custom regular expression for parameters after the first in a single segment. As long as the custom regular expression does not match the text before the parameter, you will be safe. For example, change `/:a-:b` to `/:a-:b([^-/]+)`.
              
              If paths cannot be rewritten and versions cannot be upgraded, another alternative is to limit the URL length. For example, halving the attack string improves performance by 4x.
              
              ### Details
              
              Using `/:a-:b` will produce the regular expression `/^\/([^\/]+?)-([^\/]+?)\/?$/`. This can be exploited by a path such as `/a${'-a'.repeat(8_000)}/a`. [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS) has a good example of why this occurs, but the TL;DR is the `/a` at the end ensures this route would never match but due to naive backtracking it will still attempt every combination of the `:a-:b` on the repeated 8,000 `-a`.
              
              Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and can lead to a DoS. In local benchmarks, exploiting the unsafe regex will result in performance that is over 1000x worse than the safe regex. In a more realistic environment using Express v4 and 10 concurrent connections, this translated to average latency of ~600ms vs 1ms.
              
              ### References
              
              * [OWASP](https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS)
              * [Detailed blog post](https://blakeembrey.com/posts/2024-09-web-redos/)
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
              Unscored:
              • Severity: high

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:path-to-regexp:\>\=4.0.0\<6.3.0:*:*:*:*:*:*:*

              resellerHandler.js

              File Path: D:\Auropayrepos\Billing\src\ResellerHandlerNode\resellerHandler.js
              MD5: 24bd3dee9ef9718fbfb5faa699dcff54
              SHA1: e77fd74ce5f63bf82494552629d45d51edaf691e
              SHA256:34a521e2b65395700aa645e78444548eba97ecbee16487452945eceba17452c3

              Identifiers

              • None

              resellerRepository.js

              File Path: D:\Auropayrepos\Billing\src\ResellerHandlerNode\resellerRepository.js
              MD5: 12883620e9b3e03113f923b308e985c4
              SHA1: 4b15976852f7877c0fdc8e614542d3d0884f2d78
              SHA256:979af94c4707391d9e9ce298ab4c34ef308b6e551fc63cf14bddf024d1f01696

              Identifiers

              • None

              semver:5.7.1

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?semver

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2022-25883 (OSSINDEX)  

              Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
              
              
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-25883 for details
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

              References:

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:semver:5.7.1:*:*:*:*:*:*:*

              GHSA-c2qf-rxjj-qqgw (NPM)  

              Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: HIGH (7.5)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
              Unscored:
              • Severity: high

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:semver:\<5.7.2:*:*:*:*:*:*:*

              swagger.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger.js
              MD5: 8c966df86ee27632be72505b900f5916
              SHA1: 9763a3faecb7eb413fff25dc9b64d48180ad717d
              SHA256:2361cc5e66651683d9f2ad44475939cb656919330e9eda7752d39bceeb20a068

              Identifiers

              • None

              swaggerDefinition.js

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\swagger\swaggerDefinition.js
              MD5: deb17d900166aff177d29316c47b176e
              SHA1: d7e639c0c00a65a70adba8597d2d40ed6adc049a
              SHA256:c25f85c339e4d7799f30b06105c52ad3a12ccdb63aab005306ef3203fd144e8c

              Identifiers

              • None

              testhost.dll

              Description:

              testhost

              File Path: D:\Auropayrepos\Billing\test\Billing.API.Tests\bin\Debug\net6.0\testhost.dll
              MD5: 9e3b6c0c1c6083115518638435fdea07
              SHA1: ef741eb8c0398698da9965f359d71938b283feec
              SHA256:4b9404bb74615f941216aa0840deaa331d83839c325c452eee6fef11a31c08a8

              Identifiers

              validator:12.2.0

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?validator

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              GHSA-qgmg-gppg-76g5 (NPM)  

              validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: MEDIUM (5.3)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
              Unscored:
              • Severity: moderate

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:validator:\<13.7.0:*:*:*:*:*:*:*

              GHSA-xx4c-jj58-r7x6 (NPM)  

              ### Impact
              Versions of `validator` prior to 13.7.0 are affected by an inefficient Regular Expression complexity when using the `rtrim` and `trim` sanitizers.
              
              ### Patches
              The problem has been patched in validator 13.7.0.
              CWE-1333 Inefficient Regular Expression Complexity

              CVSSv3:
              • Base Score: MEDIUM (5.3)
              • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
              Unscored:
              • Severity: moderate

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:validator:\>\=11.1.0\<13.7.0:*:*:*:*:*:*:*

              xml2js:0.4.19

              File Path: D:\Auropayrepos\Billing\src\Billing.Swagger.API\package-lock.json?xml2js

              Referenced In Project/Scope: package-lock.json: transitive

              Identifiers

              CVE-2023-0842 (OSSINDEX)  

              xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.
              
              Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2023-0842 for details
              CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

              CVSSv3:
              • Base Score: MEDIUM (5.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

              References:

              Vulnerable Software & Versions (OSSINDEX):

              • cpe:2.3:a:*:xml2js:0.4.19:*:*:*:*:*:*:*

              GHSA-776f-qx25-q3cc (NPM)  

              xml2js versions before 0.5.0 allow an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the `__proto__` property to be edited.
              CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

              CVSSv3:
              • Base Score: MEDIUM (5.3)
              • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
              Unscored:
              • Severity: moderate

              References:

              Vulnerable Software & Versions (NPM):

              • cpe:2.3:a:*:xml2js:\<0.5.0:*:*:*:*:*:*:*



              This report contains data retrieved from the National Vulnerability Database.
              This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
              This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
              This report may contain data retrieved from RetireJS.
              This report may contain data retrieved from the Sonatype OSS Index.