Activities of "johnny.nguyen"

Hi,

Sorry for that. We will upgrade all related packages.

As a temporary solution, you can add references to the latest versions of these packages in your project.

Your ticket was refunded.

Hi liangshiwei, thanks again.

Hi,

SixLabors.ImageSharp, Microsoft.IdentityModel.Tokens, Microsoft.IdentityModel.JsonWebTokens

We have upgraded these packages in the next version. https://github.com/abpframework/abp/pull/19634 https://github.com/abpframework/abp/pull/19643

Azure.Identity, Microsoft.Data.SqlClient

ABP does not use these packages; you can check your project package references.

As a temporary solution, you can add references to the latest versions of these packages in your project.

Thanks liangshiwei for the quick response. For Microsoft.Data.SqlClient, as mentioned, it's included in Volo.Abp.EntityFrameworkCore.SqlServer@8.1.1 (screenshots).

Please help to double check. Thanks!

  • ABP Framework version: v8.1.1
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): Auth Server Separated
  • Exception message and full stack trace: no
  • Steps to reproduce the issue:
    • Run abp update to update from 8.0.4 to 8.1.1
    • Scan all NuGet packages with Dependency-Track https://dependencytrack.org/
    • Found the following vulnerabilities:

| Package | Version | Vulnerability | Severity | Analyzer | Date | |
| --- | --- | --- | --- | --- | --- | --- |
| Azure.Identity | 1.7.0 | NVD CVE-2023-36414 | High | OSS Index | 6 May 2024 | - |
| Azure.Identity | 1.7.0 | NVD CVE-2024-29992 | Medium | OSS Index | 6 May 2024 | - |
| Microsoft.Data.SqlClient | 5.1.1 | NVD CVE-2024-0056 | High | OSS Index | 6 May 2024 | - |
| Microsoft.IdentityModel.JsonWebTokens | 6.24.0 | NVD CVE-2024-21319 | Medium | OSS Index | 6 May 2024 | - |
| Microsoft.IdentityModel.JsonWebTokens | 7.0.3 | NVD CVE-2024-21319 | Medium | OSS Index | 6 May 2024 | - |
| Microsoft.IdentityModel.Tokens | 6.24.0 | NVD CVE-2024-21319 | Medium | OSS Index | 6 May 2024 | - |
| Microsoft.IdentityModel.Tokens | 7.0.3 | NVD CVE-2024-21319 | Medium | OSS Index | 6 May 2024 | - |
| SixLabors.ImageSharp | 3.0.2 | NVD CVE-2024-27929 | Unassigned | OSS Index | 6 May 2024 | - |
| SixLabors.ImageSharp | 3.0.2 | NVD CVE-2024-32035 | Unassigned | OSS Index | 6 May 2024 | - |
| SixLabors.ImageSharp | 3.0.2 | NVD CVE-2024-32036 | Unassigned | OSS Index | 6 May 2024 | - |

* These packages are the children of these two:
    * Volo.Abp.Account.Pro.Public.Application@8.1.1
    * Volo.Abp.EntityFrameworkCore.SqlServer@8.1.1

Please help to verify and provide a patch. Thanks.
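
The thread turns on which top-level reference pulls in a flagged transitive package. The sketch below is an added example, not part of the original posts or ABP's own tooling: it walks a restore graph in the shape of `obj/project.assets.json` and lists every chain from a direct reference down to a named package. The embedded graph is constructed for illustration, and `Example.Intermediate` and `Example.Unrelated` are hypothetical packages.

```python
import json

# Constructed sample in the shape of obj/project.assets.json (not real restore output).
# Example.Intermediate and Example.Unrelated are hypothetical packages.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net8.0": {
    "Volo.Abp.EntityFrameworkCore.SqlServer/8.1.1": {"dependencies": {"Example.Intermediate": "1.0.0"}},
    "Example.Intermediate/1.0.0": {"dependencies": {"Microsoft.Data.SqlClient": "5.1.1"}},
    "Microsoft.Data.SqlClient/5.1.1": {"dependencies": {"Azure.Identity": "1.7.0"}},
    "Azure.Identity/1.7.0": {},
    "Example.Unrelated/2.0.0": {}
  }},
  "project": {"frameworks": {"net8.0": {"dependencies": {
    "Volo.Abp.EntityFrameworkCore.SqlServer": {"target": "Package", "version": "[8.1.1, )"},
    "Example.Unrelated": {"target": "Package", "version": "[2.0.0, )"}
  }}}}
}
""")

def dependency_paths(assets, framework, wanted):
    """Return every chain from a direct reference down to package `wanted`."""
    # Assumes the same framework key is used under "targets" and "project.frameworks".
    resolved = {}  # lower-cased package id -> (id, version, dependency ids)
    for key, entry in assets["targets"][framework].items():
        name, version = key.split("/", 1)
        resolved[name.lower()] = (name, version, list(entry.get("dependencies", {})))
    direct = assets["project"]["frameworks"][framework].get("dependencies", {})
    paths = []

    def walk(name, chain, seen):
        node = resolved.get(name.lower())  # NuGet package ids are case-insensitive
        if node is None or name.lower() in seen:
            return  # not restored for this framework, or already on this chain
        pkg_id, version, deps = node
        chain = chain + [f"{pkg_id}@{version}"]
        if pkg_id.lower() == wanted.lower():
            paths.append(chain)
            return
        for dep in deps:
            walk(dep, chain, seen | {name.lower()})

    for name in direct:
        walk(name, [], frozenset())
    return paths

if __name__ == "__main__":
    for target in ("Microsoft.Data.SqlClient", "Azure.Identity"):
        for path in dependency_paths(SAMPLE_ASSETS, "net8.0", target):
            print(" -> ".join(path))
```

To use it on a real project, load the `obj/project.assets.json` written by `dotnet restore` in place of the constructed sample.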
