CVE-2017-0256 - Medium Severity Vulnerability
Vulnerable Library - system.net.http.4.3.1.nupkg
Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.
Library home page: https://api.nuget.org/packages/system.net.http.4.3.1.nupkg
Path to dependency file: /Integrations/Google/UiPath.Google/UiPath.Google.csproj
Path to vulnerable library: /tmp/ws-ua_20230620162214_SSRFPG/dotnet_EGMXVM/20230620162214/System.Net.Http.4.3.1/System.Net.Http.4.3.1.nupkg
Dependency Hierarchy:
- ❌ system.net.http.4.3.1.nupkg (Vulnerable Library)
Found in HEAD commit: 0c6513d8fe51047cbb7f6a41f2c1a1a25712e96a
Found in base branch: develop
Vulnerability Details
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Publish Date: 2017-05-12
URL: CVE-2017-0256
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-j8f4-2w4p-mhjc
Release Date: 2017-05-12
Fix Resolution: microsoft.aspnetcore.mvc.viewfeatures - 1.0.4,system.net.security - 4.0.1,microsoft.aspnetcore.mvc.core - 1.0.4,microsoft.aspnetcore.mvc.taghelpers - 1.1.3,microsoft.aspnetcore.mvc.formatters.xml - 1.1.3,system.net.http - 4.1.2,microsoft.aspnetcore.mvc - 1.0.4,microsoft.aspnetcore.mvc.dataannotations - 1.0.4,microsoft.aspnetcore.mvc.localization - 1.0.4,microsoft.aspnetcore.mvc.razor.host - 1.1.3,microsoft.aspnetcore.mvc.formatters.xml - 1.0.4,microsoft.aspnetcore.mvc.dataannotations - 1.1.3,system.net.websockets.client - 4.0.1,microsoft.aspnetcore.mvc.abstractions - 1.1.3,system.net.websockets.client - 4.3.1,microsoft.aspnetcore.mvc.cors - 1.0.4,system.net.http.winhttphandler - 4.3.1,system.net.http.winhttphandler - 4.0.1,microsoft.aspnetcore.mvc.webapicompatshim - 1.0.4,microsoft.aspnetcore.mvc.razor - 1.1.3,microsoft.aspnetcore.mvc.apiexplorer - 1.1.3,microsoft.aspnetcore.mvc.localization - 1.1.3,microsoft.aspnetcore.mvc.webapicompatshim - 1.1.3,microsoft.aspnetcore.mvc.razor.host - 1.0.4,microsoft.aspnetcore.mvc.razor - 1.0.4,microsoft.aspnetcore.mvc.core - 1.1.3,microsoft.aspnetcore.mvc.formatters.json - 1.0.4,microsoft.aspnetcore.mvc.viewfeatures - 1.1.3,microsoft.aspnetcore.mvc.abstractions - 1.0.4,system.net.security - 4.3.1,system.text.encodings.web - 4.3.1,microsoft.aspnetcore.mvc - 1.1.3,microsoft.aspnetcore.mvc.apiexplorer - 1.0.4,microsoft.aspnetcore.mvc.formatters.json - 1.1.3,system.text.encodings.web - 4.0.1,microsoft.aspnetcore.mvc.cors - 1.1.3,system.net.http - 4.3.2,microsoft.aspnetcore.mvc.taghelpers - 1.0.4
CVE-2017-0256 - Medium Severity Vulnerability
Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.
Library home page: https://api.nuget.org/packages/system.net.http.4.3.1.nupkg
Path to dependency file: /Integrations/Google/UiPath.Google/UiPath.Google.csproj
Path to vulnerable library: /tmp/ws-ua_20230620162214_SSRFPG/dotnet_EGMXVM/20230620162214/System.Net.Http.4.3.1/System.Net.Http.4.3.1.nupkg
Dependency Hierarchy:
Found in HEAD commit: 0c6513d8fe51047cbb7f6a41f2c1a1a25712e96a
Found in base branch: develop
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Publish Date: 2017-05-12
URL: CVE-2017-0256
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-j8f4-2w4p-mhjc
Release Date: 2017-05-12
Fix Resolution: microsoft.aspnetcore.mvc.viewfeatures - 1.0.4,system.net.security - 4.0.1,microsoft.aspnetcore.mvc.core - 1.0.4,microsoft.aspnetcore.mvc.taghelpers - 1.1.3,microsoft.aspnetcore.mvc.formatters.xml - 1.1.3,system.net.http - 4.1.2,microsoft.aspnetcore.mvc - 1.0.4,microsoft.aspnetcore.mvc.dataannotations - 1.0.4,microsoft.aspnetcore.mvc.localization - 1.0.4,microsoft.aspnetcore.mvc.razor.host - 1.1.3,microsoft.aspnetcore.mvc.formatters.xml - 1.0.4,microsoft.aspnetcore.mvc.dataannotations - 1.1.3,system.net.websockets.client - 4.0.1,microsoft.aspnetcore.mvc.abstractions - 1.1.3,system.net.websockets.client - 4.3.1,microsoft.aspnetcore.mvc.cors - 1.0.4,system.net.http.winhttphandler - 4.3.1,system.net.http.winhttphandler - 4.0.1,microsoft.aspnetcore.mvc.webapicompatshim - 1.0.4,microsoft.aspnetcore.mvc.razor - 1.1.3,microsoft.aspnetcore.mvc.apiexplorer - 1.1.3,microsoft.aspnetcore.mvc.localization - 1.1.3,microsoft.aspnetcore.mvc.webapicompatshim - 1.1.3,microsoft.aspnetcore.mvc.razor.host - 1.0.4,microsoft.aspnetcore.mvc.razor - 1.0.4,microsoft.aspnetcore.mvc.core - 1.1.3,microsoft.aspnetcore.mvc.formatters.json - 1.0.4,microsoft.aspnetcore.mvc.viewfeatures - 1.1.3,microsoft.aspnetcore.mvc.abstractions - 1.0.4,system.net.security - 4.3.1,system.text.encodings.web - 4.3.1,microsoft.aspnetcore.mvc - 1.1.3,microsoft.aspnetcore.mvc.apiexplorer - 1.0.4,microsoft.aspnetcore.mvc.formatters.json - 1.1.3,system.text.encodings.web - 4.0.1,microsoft.aspnetcore.mvc.cors - 1.1.3,system.net.http - 4.3.2,microsoft.aspnetcore.mvc.taghelpers - 1.0.4