[Auto] GitHub advisories as of 2024-11-25T1118 for NuGet
github-actions[bot] committed Nov 25, 2024
1 parent 9ae8e17 commit 36b6cf7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/main/resources/advisories-nuget.csv
Expand Up @@ -2205,14 +2205,15 @@ CVE-2024-43484,2024-10-08T20:24:56Z,"Microsoft Security Advisory CVE-2024-43484
CVE-2024-43484,2024-10-08T20:24:56Z,"Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability",System.IO.Packaging,9.0.0-preview.1.24080.9,9.0.0-rc.2.24473.5,HIGH,CWE-407
CVE-2024-43485,2024-10-08T20:25:19Z,"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability",System.Text.Json,6.0.0,6.0.10,HIGH,CWE-407
CVE-2024-43485,2024-10-08T20:25:19Z,"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability",System.Text.Json,8.0.0,8.0.5,HIGH,CWE-407
CVE-2024-43498,2024-11-12T23:03:15Z,".NET Remote Code Execution Vulnerability",System.Formats.Nrbf,0,9.0.0,LOW,
CVE-2024-43498,2024-11-12T23:03:15Z,".NET Remote Code Execution Vulnerability",System.Formats.Nrbf,0,9.0.0,CRITICAL,
CVE-2024-43499,2024-11-12T23:01:23Z,".NET Denial of Service Vulnerability",System.Formats.Nrbf,0,9.0.0,LOW,
CVE-2024-44930,2024-08-29T18:31:36Z,"Serilog Client IP Spoofing vulnerability","Serilog.Enrichers.ClientInfo",0,2.1.0,MODERATE,CWE-348;CWE-79
CVE-2024-45302,2024-08-29T19:30:51Z,"CRLF Injection in RestSharp's `RestRequest.AddHeader` method",RestSharp,107.0.0-preview.1,112.0.0,MODERATE,CWE-113;CWE-74;CWE-93
CVE-2024-45526,2024-10-18T20:05:28Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua",0,1.5.374.118,MODERATE,CWE-770
CVE-2024-45526,2024-10-18T20:05:28Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.5.374.118,MODERATE,CWE-770
CVE-2024-47819,2024-10-22T17:50:08Z,"Umbraco CMS vulnerable to stored Cross-site Scripting in the ""dictionary name"" on Dictionary section",Umbraco.Cms.StaticAssets,14.0.0,14.3.1,MODERATE,CWE-79;CWE-80
CVE-2024-48510,2024-11-13T15:31:37Z,"DotNetZip Directory Traversal vulnerability",DotNetZip,1.10.1,,HIGH,CWE-22
CVE-2024-48510,2024-11-13T15:31:37Z,"DotNetZip Directory Traversal vulnerability",ProDotNetZip,0,,HIGH,CWE-22
CVE-2024-48924,2024-10-17T19:30:03Z,"MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow",MessagePack,0,2.5.187,MODERATE,CWE-328
CVE-2024-48924,2024-10-17T19:30:03Z,"MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow",MessagePack,2.6.95-alpha,3.0.214-rc.1,MODERATE,CWE-328
CVE-2024-48925,2024-10-22T17:51:26Z,"Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API",Umbraco.CMS,14.0.0,14.3.0,LOW,CWE-284;CWE-863
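Review bot: CVE-2024-43498 for System.Formats.Nrbf sits on two adjacent rows that are identical (same timestamp, range 0 to 9.0.0, empty CWE column) except for the severity, which is LOW on one and CRITICAL on the other. The +/- markers are not visible in this rendering, so confirm that exactly one of the two remains in the file after the change; if both stay, any consumer keyed on advisory id, package and version range gets two conflicting severities for a remote code execution entry. A uniqueness check on (id, package, introduced, fixed) in the generator would catch this before the automated commit is made.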
Expand Down Expand Up @@ -2341,6 +2342,6 @@ GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot
GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.9.0,4.9.5,HIGH,CWE-287
GHSA-vx2x-9cff-fhjw,2022-12-06T21:13:49Z,"DSInternals Credential Roaming Elevation of Privilege Vulnerability",DSInternals.Common,2.21,4.8,MODERATE,
GHSA-w4x6-hh3x-wjrx,2023-12-11T21:47:14Z,"Stale copy of the public suffix list",Gsemac.Net,0,0.38.2,LOW,
GHSA-wmm6-pgp8-29hg,2024-11-12T18:30:58Z,"Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability",System.Formats.Nrbf,0,9.0.0,HIGH,CWE-606;CWE-409
GHSA-wmm6-pgp8-29hg,2024-11-12T18:30:58Z,"Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability",System.Formats.Nrbf,0,9.0.0,HIGH,CWE-409;CWE-606
GHSA-wq88-fq4x-h2pm,2024-03-25T19:35:53Z,"WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM",PanelSW.Custom.WiX,0,3.15.0-a46,HIGH,
GHSA-wqcr-xm43-hpqr,2023-10-06T20:46:33Z,"Vulnerable version of libwebp and can be exploited with a malicious source image","ImageResizer.Plugins.FreeImage",0,,HIGH,
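Review bot: the two GHSA-wmm6-pgp8-29hg rows differ only in the order of the CWE list, `CWE-606;CWE-409` on one and `CWE-409;CWE-606` on the other, so this part of the change carries no new information and looks like unstable ordering in the export. Sorting the CWE ids before joining them with `;` would stop these automated commits from flipping the same row back and forth and would make real changes easier to spot in review. Separately, the title of this row starts with "Duplicate Advisory:", so it is worth deciding whether such entries should be exported at all.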
