Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13NHg2LWhoM3gtd2pyeM4AA3q0

Stale copy of the public suffix list

We have identified that this project contains an out-of-date version of the Public Suffix List (https://publicsuffix.org/). We are carrying out research to identify the potential impacts of using old versions of the Public Suffix List, and we intend to publish our results in academic conferences and journals. Our results will become publicly available after 21 days; this provides time to update your project with an up-to-date version of the Public Suffix List.

GitHub repository: gsemac/Gsemac.Common
Public Suffix List path: src/Gsemac.Net/Resources/public_suffix_list.dat

The Public Suffix List is regularly updated (generally a few times per week), and to ensure that the correct privacy boundaries are maintained between websites, applications that use it should routinely fetch an updated copy. If new suffixes are added to the list, and an old list is then used, privacy boundaries will not be constructed correctly, allowing for data (e.g., cookies) to be set incorrectly, potentially harming privacy.

There is further guidance on how the Public Suffix List should be used in ICANN’s “Advisory on the Use of Static TLD / Suffix Lists” at https://www.icann.org/en/system/files/files/sac-070-en.pdf.

If you have any questions about our research, or about usage of the Public Suffix List, please reply via e-mail to [email protected].
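The effect of a stale list described above can be reproduced with a small matcher. This is an added example, not code from Gsemac.Net or from the advisory's authors: both lists, the suffix `hosting.example`, the host names and all function names are constructed for illustration, and the matcher skips IDN/punycode normalisation.

```python
# Added example. Both lists are constructed; "hosting.example" is a made-up suffix.
OLD_LIST = "// constructed stale copy\nexample\n"
NEW_LIST = "// constructed current copy\nexample\nhosting.example\n"

def parse_rules(text):
    """Return the rules in PSL-format text (// comments, one rule per line)."""
    rules = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("//"):
            rules.add(line.split()[0].lower())
    return rules

def public_suffix(host, rules):
    """Longest matching rule wins; an exception rule (!) overrides the rest."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # default rule "*": the last label alone is the suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if "!" + candidate in rules:
            return ".".join(labels[i + 1:])  # exception: drop the leftmost label
        wildcard = "*." + ".".join(labels[i + 1:])
        if candidate in rules or wildcard in rules:
            best = max(best, len(labels) - i)
    return ".".join(labels[-best:])

def registrable_domain(host, rules):
    """Public suffix plus one label, or None when the host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = len(public_suffix(host, rules).split("."))
    return ".".join(labels[-(n + 1):]) if len(labels) > n else None

def same_site(a, b, rules):
    """Two hosts share a privacy boundary when their registrable domains match."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb

def cookie_domain_accepted(host, domain, rules):
    """A cookie Domain must cover the host and must not be a public suffix."""
    host, domain = host.lower(), domain.lower().lstrip(".")
    covers = host == domain or host.endswith("." + domain)
    return covers and public_suffix(domain, rules) != domain

if __name__ == "__main__":
    for name, text in (("stale", OLD_LIST), ("current", NEW_LIST)):
        rules = parse_rules(text)
        print(name, same_site("alice.hosting.example", "bob.hosting.example", rules),
              cookie_domain_accepted("alice.hosting.example", "hosting.example", rules))
```

With the stale list the two customer hosts are treated as one site and a cookie scoped to the shared suffix is accepted; with the current list both checks come out the other way.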

Permalink: https://github.com/advisories/GHSA-w4x6-hh3x-wjrx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NHg2LWhoM3gtd2pyeM4AA3q0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 5 months ago
Updated: 5 months ago


Identifiers: GHSA-w4x6-hh3x-wjrx
References: Repository: https://github.com/gsemac/Gsemac.Common
Blast Radius: 1.0

Affected Packages

nuget:Gsemac.Net
Dependent packages: 0
Dependent repositories: 0
Downloads: 51,399 total
Affected Version Ranges: < 0.38.2
Fixed in: 0.38.2
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.11.0, 0.12.0, 0.12.1, 0.13.0, 0.13.1, 0.13.2, 0.14.0, 0.14.1, 0.15.0, 0.15.1, 0.15.2, 0.15.3, 0.15.4, 0.16.0, 0.16.1, 0.16.2, 0.16.3, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.17.6, 0.17.7, 0.17.8, 0.17.9, 0.18.0, 0.19.0, 0.20.0, 0.21.0, 0.22.0, 0.23.0, 0.23.1, 0.23.2, 0.24.0, 0.24.1, 0.25.0, 0.25.1, 0.26.0, 0.27.0, 0.28.0, 0.28.1, 0.29.0, 0.30.0, 0.31.0, 0.31.1, 0.31.2, 0.32.0, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.34.1, 0.35.0, 0.35.1, 0.35.2, 0.36.0, 0.36.1, 0.37.0, 0.38.0, 0.38.1
All unaffected versions: 0.38.2, 0.38.3, 0.39.0, 0.39.1