Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e

ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected

Impact

Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.

Users not implemented SAS Uri's are unaffected.

Patches

This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP.

Workarounds

None

Permalink: https://github.com/advisories/GHSA-24mc-gc52-47jv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 7 days ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-24mc-gc52-47jv, CVE-2024-50353
References: Repository: https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage
Blast Radius: 1.0

Affected Packages

nuget:ICG.AspNetCore.Utilities.CloudStorage
Dependent packages: 0
Dependent repositories: 0
Downloads: 11,219 total
Affected Version Ranges: < 8.0.0
Fixed in: 8.0.0
All affected versions: 2.2.4, 3.0.8, 5.0.8, 5.1.4, 6.0.0
All unaffected versions: 8.0.0