Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
- ABP Framework version: v3.0.4
- UI type: Angular
- Tiered (MVC) or Identity Server Seperated (Angular): yes
- Exception message and stack trace:
- We scanned our project code base through Snyk tool (Synk.io) and it reported few vulnerabilites. While reviewing we found that the assemblies like "System.Net.Http" and "System.Text.RegularExpressions" are not directly referenced in our code base and thus we could n't upgrade them to latest and resolve these issues. Is this something, ABP can do upgrade of framework code base in order for us to address these issues. Below are the vulnerabilities reported -
Denial of Service (DoS) Improper Certificate Validation Information Exposure Regular Expression Denial of Service (ReDoS) Privilege Escalation Authentication Bypass
Vulnerable module: System.Net.Http Introduced through: xunit.extensibility.execution@2.4.1 and xunit@2.4.1 Exploit maturity: No known exploit Fixed in: 4.1.2, 4.3.2 Introduced through: project@* › xunit.extensibility.execution@2.4.1 › NETStandard.Library@1.6.1 › System.Net.Http@4.3.0 Introduced through: project@* › xunit@2.4.1 › xunit.assert@2.4.1 › NETStandard.Library@1.6.1 › System.Net.Http@4.3.0 Introduced through: project@* › xunit.extensibility.execution@2.4.1 › xunit.extensibility.core@2.4.1 › NETStandard.Library@1.6.1 › System.Net.Http@4.3.0
Vulnerable module: System.Text.RegularExpressions Introduced through: meta-common-packages@meta Exploit maturity: No known exploit Fixed in: 4.3.1 Introduced through: project@* › meta-common-packages@meta › System.Text.RegularExpressions@4.3.0
- Steps to reproduce the issue:
1 Answer(s)
-
0
I couldn't find
System.Net.HttporSystem.Text.RegularExpressionsin ABP new projects. Maybe one of your libraries added these DLLs.,Angular:
MVC:
