Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Impact
Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.
Users not implemented SAS Uri's are unaffected.
Patches
This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP.
Workarounds
None
Permalink: https://github.com/advisories/GHSA-24mc-gc52-47jvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 2 months ago
Updated: 2 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Percentage: 0.00046
EPSS Percentile: 0.18503
Identifiers: GHSA-24mc-gc52-47jv, CVE-2024-50353
References:
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff
- https://nvd.nist.gov/vuln/detail/CVE-2024-50353
- https://github.com/advisories/GHSA-24mc-gc52-47jv
Blast Radius: 1.0
Affected Packages
nuget:ICG.AspNetCore.Utilities.CloudStorage
Dependent packages: 0Dependent repositories: 0
Downloads: 12,624 total
Affected Version Ranges: < 8.0.0
Fixed in: 8.0.0
All affected versions: 2.2.4, 3.0.4, 3.0.8, 5.0.8, 5.1.4, 6.0.0
All unaffected versions: 8.0.0