Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13aHBoLTQ0NmgtNm05ds075w
Azure SDK for .NET Information Disclosure Vulnerability.
Azure SDK for .NET Information Disclosure Vulnerability via undisclosed methods relating to lack of sanitization of exception messages.
Permalink: https://github.com/advisories/GHSA-whph-446h-6m9vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13aHBoLTQ0NmgtNm05ds075w
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 9 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-whph-446h-6m9v, CVE-2022-26907
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-26907
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26907
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26907
- https://github.com/Azure/azure-sdk-for-net/blob/a919c48ae294fed084a9679b6f53ac6af3fb4c3a/sdk/mgmtcommon/ClientRuntime/ClientRuntime/Microsoft.Rest.ClientRuntime.csproj#L11
- https://github.com/Azure/azure-sdk-for-net/pull/28169
- https://github.com/Azure/azure-sdk-for-net/commit/e67f2a9fc5aa1060bd465d1458c347671268f6f5
- https://github.com/advisories/GHSA-whph-446h-6m9v
Blast Radius: 1.0
Affected Packages
nuget:Microsoft.Rest.ClientRuntime
Dependent packages: 0Dependent repositories: 0
Downloads: 371,401,093 total
Affected Version Ranges: < 2.3.24
Fixed in: 2.3.24
All affected versions: 0.9.4, 0.9.5, 0.9.6, 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.6.0, 1.8.0, 1.8.1, 1.8.2, 1.9.0, 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.3.13, 2.3.14, 2.3.15, 2.3.16, 2.3.17, 2.3.18, 2.3.19, 2.3.20, 2.3.21, 2.3.22, 2.3.23
All unaffected versions: 2.3.24, 3.0.0, 3.0.1, 3.0.2, 3.0.3