Giter Club home page Giter Club logo

godaddywrapper.net's Introduction

Hi there ๐Ÿ‘‹

Ahwm's GitHub stats

godaddywrapper.net's People

Contributors

ahwm avatar dependabot[bot] avatar marchere avatar mend-bolt-for-github[bot] avatar vip30 avatar vizztech avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

johnduhart maddalenatech hgulamabbass eydelrivero dl8on dylanmckendry marchere syedadeel2

godaddywrapper.net's Issues

Requests.CertificatesCreate

I think Requests.CertificatesCreate is a duplicated class of "Requests.CertificateCreate" may be its a typo

Error when returning domain list

Type List<string> is not handled correctly in the case of RetrieveDomainList

GoDaddy's documentation states that this should be as /domains?statuses=ACTIVE,AWAITING_PAYMENT but the library appears to be doing a JSON serialization process on the property instead, which would potentially give something more like /domains?statuses=[ACTIVE]

Version: 1.1.3-beta

try
{
    DomainRetrieve request = new DomainRetrieve
    {
        statuses = new List<string> { "ACTIVE" }
    };

    var response2 = await client.RetrieveDomainList(request);
}
catch (GodaddyException ex)
{
    // INVALID_VALUE_ENUM error is returned in this instance
}

System.Net.Http

Version conflicts in the System.Net.Http on the latest .NET core in visual studio 2017

Incorrect work of RetrieveDNSRecordsWithTypeAndName method

Hi, seems your code has a bug in the RetrieveDNSRecordsWithTypeAndName method, you double checking the "name" parameter for null value and the second condition will never be running as expected:
if (Name != null)
{
if (Name != null)
urlPath = $"domains/{domain}/records/{Type}";
else
urlPath = $"domains/{domain}/records/{Type}/{Name}";
}

I think the code should be something like that:
if (string.IsNullOrEmpty(Name))
urlPath = $"domains/{domain}/records/{Type}";
else
urlPath = $"domains/{domain}/records/{Type}/{Name}";

system.net.http.4.3.0.nupkg: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (system.net.http.4.3.0.nupkg version) Remediation Possible**
CVE-2018-8292 High 7.5 system.net.http.4.3.0.nupkg Direct System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1 โŒ

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2018-8292

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • โŒ system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Publish Date: 2018-10-10

URL: CVE-2018-8292

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2018-10-10

Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1

Step up your Open Source Security Game with Mend here

Inconsistent Property Naming

A large number of property names are inconsistent - several in the same class will be camelCase or PascalCase.

This should be rectified to be more consistent - preferably PascalCase since that's considered the .NET standard practice.

ReplaceDNSRecordsWithTypeAndName

ReplaceDNSRecordsWithTypeAndName
error is not a array
twice called JsonConvert.SerializeObject()
maybe change to next code.

namespace GodaddyWrapper.Helper
{
    internal static class HttpClientExtensions
    {
        public static Task<HttpResponseMessage> PostAsync(this HttpClient client, string requestUri, string jsonString)
        {
            return client.PostAsync(requestUri, new StringContent(jsonString, Encoding.UTF8, "application/json"));
        }

        public static Task<HttpResponseMessage> PutAsync(this HttpClient client, string requestUri, string jsonString)
        {
	  return client.PutAsync(requestUri, new StringContent(jsonString, Encoding.UTF8, "application/json"));
        }

        public static Task<HttpResponseMessage> PatchAsync(this HttpClient client, string requestUri, string jsonString)
        {
            var method = new HttpMethod("PATCH");
            var request = new HttpRequestMessage(method, requestUri){
                Content = new StringContent(jsonString, Encoding.UTF8, "application/json")
            };
            HttpResponseMessage response = new HttpResponseMessage();
            return client.SendAsync(request);
        }
    }
}

XML Comments

XML Documentation should either be turned off or add XML comments to all properties to see if that will speed up the CI build process.

Requests.CertificateCreate error > JSON is not correct for request type

An 404 error (bad request) was thrown after calling CreateCertificate(Requests.CertificateCreate)

JSON is not correct for request type

i tried to serialize Requests.CertificateCreate manually using Newtonsoft.Json.JsonConvert.SerializeObject and put it in godaddy api test page it gave me the same error

i tried my own class it passed

after compared the two serialized strings .. I found that they care about case sensitive and may be the alphabetical order of the properties

BulkCheckDomainAvailable not working

I get a "Bad Request" status code when trying to use the BulkCheckDomainAvailable function.

How I am using it:
public static async Task<DomainAvailableBulkResultResponse> CheckDomains(List<CSVData> checkdomains) { List<string> stdomains = new List<string>(); foreach(CSVData data in checkdomains) { stdomains.Add(data.DomainName); } var client = new Client(Key, Secret, "https://api.godaddy.com/api/v1/"); try { var response = await client.BulkCheckDomainAvailable(new DomainAvailableBulk { domains = stdomains, checkType = "FAST" }); return response; } catch (GodaddyException ex) { Console.WriteLine(ex.ErrorResponse.Message); Console.WriteLine(ex.StatusCode); return null; } }

Updated NuGet Package?

Any chance of getting an updated NuGet package released? It's been almost 2 years since the last release. And the multi-targeting never made it. I'd be happy to help get that going if you'd be open to that.

xunit.2.6.3.nupkg: 1 vulnerabilities (highest severity is: 7.5)

Vulnerable Library - xunit.2.6.3.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (xunit.2.6.3.nupkg version) Remediation Possible**
CVE-2019-0820 High 7.5 system.text.regularexpressions.4.3.0.nupkg Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-0820

Vulnerable Library - system.text.regularexpressions.4.3.0.nupkg

Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...

Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Dependency Hierarchy:

  • xunit.2.6.3.nupkg (Root Library)
    • xunit.assert.2.6.3.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.xml.xdocument.4.3.0.nupkg
          • system.xml.readerwriter.4.3.0.nupkg
            • โŒ system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.

Publish Date: 2019-05-16

URL: CVE-2019-0820

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cmhx-cq75-c4mj

Release Date: 2019-05-16

Fix Resolution: System.Text.RegularExpressions - 4.3.1

Step up your Open Source Security Game with Mend here

shouldly.4.0.3.nupkg: 3 vulnerabilities (highest severity is: 9.8) - autoclosed

Vulnerable Library - shouldly.4.0.3.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (shouldly.4.0.3.nupkg version) Remediation Possible**
CVE-2021-24112 Critical 9.8 system.drawing.common.5.0.0.nupkg Transitive N/A* โŒ
CVE-2022-34716 Medium 5.9 system.security.cryptography.xml.5.0.0.nupkg Transitive N/A* โŒ
CVE-2022-41064 Medium 5.8 system.data.sqlclient.4.8.1.nupkg Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-24112

Vulnerable Library - system.drawing.common.5.0.0.nupkg

Provides access to GDI+ graphics functionality.

Commonly Used Types:
System.Drawing.Bitmap
System.D...

Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg

Dependency Hierarchy:

  • shouldly.4.0.3.nupkg (Root Library)
    • diffengine.6.4.9.nupkg
      • microsoft.windows.compatibility.5.0.0.nupkg
        • system.data.oledb.5.0.0.nupkg
          • system.diagnostics.performancecounter.5.0.0.nupkg
            • system.configuration.configurationmanager.5.0.0.nupkg
              • system.security.permissions.5.0.0.nupkg
                • system.windows.extensions.5.0.0.nupkg
                  • โŒ system.drawing.common.5.0.0.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.

Publish Date: 2021-02-25

URL: CVE-2021-24112

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-rxg9-xrhp-64gj

Release Date: 2021-02-25

Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3

Step up your Open Source Security Game with Mend here

CVE-2022-34716

Vulnerable Library - system.security.cryptography.xml.5.0.0.nupkg

Provides classes to support the creation and validation of XML digital signatures. The classes in th...

Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.5.0.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg

Dependency Hierarchy:

  • shouldly.4.0.3.nupkg (Root Library)
    • diffengine.6.4.9.nupkg
      • microsoft.windows.compatibility.5.0.0.nupkg
        • system.servicemodel.primitives.4.7.0.nupkg
          • system.private.servicemodel.4.7.0.nupkg
            • โŒ system.security.cryptography.xml.5.0.0.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.

Affected software

  • Any .NET 6.0 application running on .NET 6.0.7 or earlier.
  • Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.

Patches

Publish Date: 2022-08-09

URL: CVE-2022-34716

CVSS 3 Score Details (5.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-2m65-m22p-9wjw

Release Date: 2022-08-09

Fix Resolution: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1

Step up your Open Source Security Game with Mend here

CVE-2022-41064

Vulnerable Library - system.data.sqlclient.4.8.1.nupkg

Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...

Library home page: https://api.nuget.org/packages/system.data.sqlclient.4.8.1.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.data.sqlclient/4.8.1/system.data.sqlclient.4.8.1.nupkg

Dependency Hierarchy:

  • shouldly.4.0.3.nupkg (Root Library)
    • diffengine.6.4.9.nupkg
      • microsoft.windows.compatibility.5.0.0.nupkg
        • โŒ system.data.sqlclient.4.8.1.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

.NET Framework Information Disclosure Vulnerability
Mend Note: Converted from WS-2022-0377, on 2022-11-10.

Publish Date: 2022-11-09

URL: CVE-2022-41064

CVSS 3 Score Details (5.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Adjacent
    • Attack Complexity: High
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-8g2p-5pqh-5jmc

Release Date: 2022-11-09

Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5

Step up your Open Source Security Game with Mend here

OrderId on Purchase Domain Response should be a long

Whilst testing on the OTE environment, I am getting this exception from after attempting to purchase a domain.

Message:
JSON integer 2200083563 is too large or small for an Int32. Path 'orderId', line 1, position 52.

Stack Trace:
at Newtonsoft.Json.JsonTextReader.ParseReadNumber(ReadType readType, Char firstChar, Int32 initialPosition)
at Newtonsoft.Json.JsonTextReader.ParseNumber(ReadType readType)
at Newtonsoft.Json.JsonTextReader.ReadNumberValue(ReadType readType)
at Newtonsoft.Json.JsonTextReader.ReadAsInt32()
at Newtonsoft.Json.JsonReader.ReadForType(JsonContract contract, Boolean hasConverter)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonSerializer.Deserialize(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value)
at GodaddyWrapper.Helper.HttpContentExtensions.<>c__01.<ReadAsAsync>b__0_0(Task1 data)
at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
at System.Threading.Tasks.Task.<>c.<.cctor>b__272_0(Object obj)
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
--- End of stack trace from previous location ---
at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread threadPoolThread)
--- End of stack trace from previous location ---

xunit.2.4.1.nupkg: 1 vulnerabilities (highest severity is: 7.5) - autoclosed

Vulnerable Library - xunit.2.4.1.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (xunit.2.4.1.nupkg version) Remediation Possible**
CVE-2019-0820 High 7.5 system.text.regularexpressions.4.3.0.nupkg Transitive N/A* โŒ

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2019-0820

Vulnerable Library - system.text.regularexpressions.4.3.0.nupkg

Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...

Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg

Path to dependency file: /src/GodaddyWrapper.Tests/GodaddyWrapper.Tests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Dependency Hierarchy:

  • xunit.2.4.1.nupkg (Root Library)
    • xunit.assert.2.4.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.xml.xdocument.4.3.0.nupkg
          • system.xml.readerwriter.4.3.0.nupkg
            • โŒ system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library)

Found in HEAD commit: c5f5b17c0a9e5c58af8f4baba7d786b4214f2e56

Found in base branch: master

Vulnerability Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.

Publish Date: 2019-05-16

URL: CVE-2019-0820

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-cmhx-cq75-c4mj

Release Date: 2019-05-16

Fix Resolution: System.Text.RegularExpressions - 4.3.1

Step up your Open Source Security Game with Mend here

New Example 

NOTE: this will work only if you fix my previous bug "Wrapper does not work when null values being sent #2"
  ```
  var key = "{KEY}";
        var secret = "{SECRET}";

        var domain = "{YOURDOMAIN.COM}";
        var type = "A";
        var name = "@";
        var ip = new WebClient().DownloadString("http://api.ipify.org/");
        var ttl = 600;

        var client = new Client(key, secret, "https://api.godaddy.com/api/v1/");
        try
        {
            var DNSRecordList = new List<DNSRecordCreateTypeName>();
            var dnsRecord = new DNSRecordCreateTypeName(){data = ip,ttl = ttl};
            DNSRecordList.Add(dnsRecord);

            var response = await client.ReplaceDNSRecordsWithTypeAndName(DNSRecordList, domain, type, name);
            if(response)
            Library.WriteErrorLog("IP changed to "+ip);
        }
        catch (GodaddyException ex)
        {
            Library.WriteErrorLog(ex);
        }

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.