Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Impact
Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.
Users not implemented SAS Uri's are unaffected.
Patches
This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP.
Workarounds
None
Permalink: https://github.com/advisories/GHSA-24mc-gc52-47jvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 days ago
Updated: 7 days ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-24mc-gc52-47jv, CVE-2024-50353
References:
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff
- https://nvd.nist.gov/vuln/detail/CVE-2024-50353
- https://github.com/advisories/GHSA-24mc-gc52-47jv
Blast Radius: 1.0
Affected Packages
nuget:ICG.AspNetCore.Utilities.CloudStorage
Dependent packages: 0Dependent repositories: 0
Downloads: 11,219 total
Affected Version Ranges: < 8.0.0
Fixed in: 8.0.0
All affected versions: 2.2.4, 3.0.8, 5.0.8, 5.1.4, 6.0.0
All unaffected versions: 8.0.0