netcore-boilerplate's People

Contributors

cezarypiatek, dependabot-preview[bot], dependabot[bot], lkurzyniec, mend-bolt-for-github[bot], mkurpinski, nblumhardt, simoncropp

netcore-boilerplate's Issues

Warning about incompatible version of Microsoft.EntityFrameworkCore.Design 3.0.0

I'm getting the following warning during the build.

warning NU1701: Package 'Microsoft.EntityFrameworkCore.Design 3.0.0' was restored using '.NETFramework,Version=v4.6.1, .NETFramework,Version=v4.6.2, .NETFramework,Version=v4.7, .NETFramework,Version=v4.7.1, .NETFramework,Version=v4.7.2, .NETFramework,Version=v4.8' instead of the project target framework '.NETStandard,Version=v2.0'. 
This package may not be fully compatible with your project.

Because this is supposed to be a role model repository, it should avoid warnings during the build.
I'm not familiar with EF, so I have no idea what this package is responsible for, but it looks like it was not designed for .NET Core 3.0.

CVE-2017-0249 (High) detected in system.net.http.4.3.0.nupkg - autoclosed

CVE-2017-0249 - High Severity Vulnerability

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that...

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • fare.2.1.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Publish Date: 2017-05-12

URL: CVE-2017-0249

CVSS 3 Score Details (7.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: Low

Suggested Fix

Type: Upgrade version

Release Date: 2017-05-12

Fix Resolution: System.Text.Encodings.Web - 4.0.1,4.3.1;System.Net.Http - 4.1.2,4.3.2;System.Net.Http.WinHttpHandler - 4.0.2,4.3.1;System.Net.Security - 4.0.1,4.3.1;System.Net.WebSockets.Client - 4.0.1,4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3


CVE-2018-8292 (High) detected in system.net.http.4.3.0.nupkg

CVE-2018-8292 - High Severity Vulnerability

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /test/HappyCode.NetCoreBoilerplate.Api.UnitTests/HappyCode.NetCoreBoilerplate.Api.UnitTests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • fare.2.1.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Publish Date: 2018-10-10

URL: CVE-2018-8292

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2018-10-10

Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1


Postgres Integration

I have read the docs and details. Just a suggestion: what if I add a Postgres database along with the other two?

CVE-2017-0247 (High) detected in system.net.http.4.3.0.nupkg - autoclosed

CVE-2017-0247 - High Severity Vulnerability

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that...

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • fare.2.1.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

Publish Date: 2017-05-12

URL: CVE-2017-0247

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2017-05-12

Fix Resolution: System.Text.Encodings.Web - 4.0.1,4.3.1;System.Net.Http - 4.1.2,4.3.2;System.Net.Http.WinHttpHandler - 4.0.2,4.5.4;System.Net.Security - 4.0.1,4.3.1;System.Net.WebSockets.Client - 4.0.1,4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3


CVE-2023-36414 (High) detected in azure.identity.1.7.0.nupkg

CVE-2023-36414 - High Severity Vulnerability

Vulnerable Library - azure.identity.1.7.0.nupkg

This is the implementation of the Azure SDK Client Library for Azure Identity

Library home page: https://api.nuget.org/packages/azure.identity.1.7.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.7.0/azure.identity.1.7.0.nupkg

Dependency Hierarchy:

  • HappyCode.NetCoreBoilerplate.Api-1.3.0 (Root Library)
    • aspnetcore.healthchecks.sqlserver.7.0.0.nupkg
      • microsoft.data.sqlclient.5.1.1.nupkg
        • azure.identity.1.7.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Azure Identity SDK Remote Code Execution Vulnerability

Publish Date: 2023-10-10

URL: CVE-2023-36414

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

CVE-2017-0248 (High) detected in system.net.http.4.3.0.nupkg - autoclosed

CVE-2017-0248 - High Severity Vulnerability

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that...

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • fare.2.1.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

Publish Date: 2017-05-12

URL: CVE-2017-0248

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Release Date: 2017-05-12

Fix Resolution: System.Text.Encodings.Web - 4.0.1, 4.3.1;System.Net.Http - 4.1.2, 4.3.2;System.Net.Http.WinHttpHandler - 4.0.2, 4.3.1;System.Net.Security - 4.0.1, 4.3.1;System.Net.WebSockets.Client - 4.0.1, 4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4, 1.1.3


WS-2022-0161 (High) detected in newtonsoft.json.9.0.1.nupkg - autoclosed

WS-2022-0161 - High Severity Vulnerability

Vulnerable Library - newtonsoft.json.9.0.1.nupkg

Json.NET is a popular high-performance JSON framework for .NET

Library home page: https://api.nuget.org/packages/newtonsoft.json.9.0.1.nupkg

Path to dependency file: /test/HappyCode.NetCoreBoilerplate.Api.UnitTests/HappyCode.NetCoreBoilerplate.Api.UnitTests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/newtonsoft.json/9.0.1/newtonsoft.json.9.0.1.nupkg

Dependency Hierarchy:

  • nbomber.http.1.1.1.nupkg (Root Library)
    • nbomber.1.1.0.nupkg
      • serilog.settings.configuration.3.1.0.nupkg
        • microsoft.extensions.dependencymodel.2.0.4.nupkg
          • newtonsoft.json.9.0.1.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Improper Handling of Exceptional Conditions in Newtonsoft.Json.
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.

Publish Date: 2022-06-22

URL: WS-2022-0161

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Release Date: 2022-06-22

Fix Resolution: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0


Redundant CorrelationId parameter in controller's methods

What is the purpose of adding [FromHeader(Name = "x-correlation-id")] string correlationId = null, to every controller's method? At first, it seems to be redundant and indeed boilerplate code that should be somehow handled globally (if it really is necessary).

CVE-2019-0820 (High) detected in system.text.regularexpressions.4.3.0.nupkg

CVE-2019-0820 - High Severity Vulnerability

Vulnerable Library - system.text.regularexpressions.4.3.0.nupkg

Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...

Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • system.componentmodel.annotations.4.3.0.nupkg
      • system.text.regularexpressions.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.

Publish Date: 2019-05-16

URL: CVE-2019-0820

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-cmhx-cq75-c4mj

Release Date: 2019-05-16

Fix Resolution: System.Text.RegularExpressions - 4.3.1


CVE-2021-24112 (High) detected in system.drawing.common.5.0.0.nupkg

CVE-2021-24112 - High Severity Vulnerability

Vulnerable Library - system.drawing.common.5.0.0.nupkg

Provides access to GDI+ graphics functionality.

Commonly Used Types:
System.Drawing.Bitmap
System.D...

Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg

Dependency Hierarchy:

  • HappyCode.NetCoreBoilerplate.Api-1.3.0 (Root Library)
    • aspnetcore.healthchecks.sqlserver.6.0.2.nupkg
      • microsoft.data.sqlclient.5.0.1.nupkg
        • system.runtime.caching.5.0.0.nupkg
          • system.configuration.configurationmanager.5.0.0.nupkg
            • system.security.permissions.5.0.0.nupkg
              • system.windows.extensions.5.0.0.nupkg
                • system.drawing.common.5.0.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

.NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26701.

Publish Date: 2021-02-25

URL: CVE-2021-24112

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-rxg9-xrhp-64gj

Release Date: 2021-02-25

Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3


CVE-2017-0256 (Medium) detected in system.net.http.4.3.0.nupkg - autoclosed

CVE-2017-0256 - Medium Severity Vulnerability

Vulnerable Library - system.net.http.4.3.0.nupkg

Provides a programming interface for modern HTTP applications, including HTTP client components that...

Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg

Dependency Hierarchy:

  • autofixture.4.17.0.nupkg (Root Library)
    • fare.2.1.1.nupkg
      • netstandard.library.1.6.1.nupkg
        • system.net.http.4.3.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Publish Date: 2017-05-12

URL: CVE-2017-0256

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-0256

Release Date: 2017-05-12

Fix Resolution: Microsoft.AspNetCore.Mvc.ApiExplorer - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Abstractions - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.1.3,1.0.4;System.Net.Http - 4.1.2,4.3.2;Microsoft.AspNetCore.Mvc.Razor - 1.1.3,1.0.4;System.Net.Http.WinHttpHandler - 4.0.2,4.3.0-preview1-24530-04;System.Net.Security - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;System.Text.Encodings.Web - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.Razor.Host - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3;System.Net.WebSockets.Client - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3


CVE-2024-21319 (Medium) detected in microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg, system.identitymodel.tokens.jwt.6.24.0.nupkg

CVE-2024-21319 - Medium Severity Vulnerability

Vulnerable Libraries - microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg, system.identitymodel.tokens.jwt.6.24.0.nupkg

microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

Library home page: https://api.nuget.org/packages/microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg

Path to dependency file: /test/HappyCode.NetCoreBoilerplate.Api.UnitTests/HappyCode.NetCoreBoilerplate.Api.UnitTests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/6.24.0/microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg

Dependency Hierarchy:

  • microsoft.entityframeworkcore.sqlserver.8.0.2.nupkg (Root Library)
    • microsoft.data.sqlclient.5.1.4.nupkg
      • microsoft.identitymodel.jsonwebtokens.6.24.0.nupkg (Vulnerable Library)

system.identitymodel.tokens.jwt.6.24.0.nupkg

Includes types that provide support for creating, serializing and validating JSON Web Tokens.

Library home page: https://api.nuget.org/packages/system.identitymodel.tokens.jwt.6.24.0.nupkg

Path to dependency file: /test/HappyCode.NetCoreBoilerplate.Api.UnitTests/HappyCode.NetCoreBoilerplate.Api.UnitTests.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/6.24.0/system.identitymodel.tokens.jwt.6.24.0.nupkg

Dependency Hierarchy:

  • microsoft.entityframeworkcore.sqlserver.8.0.2.nupkg (Root Library)
    • microsoft.data.sqlclient.5.1.4.nupkg
      • microsoft.identitymodel.protocols.openidconnect.6.24.0.nupkg
        • system.identitymodel.tokens.jwt.6.24.0.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Microsoft Identity Denial of service vulnerability

Publish Date: 2024-01-09

URL: CVE-2024-21319

CVSS 3 Score Details (6.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

Suggested Fix

Type: Upgrade version

Origin: GHSA-8g9c-28fc-mcx2

Release Date: 2024-01-09

Fix Resolution: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2


docker compose not working ?

[internal] load metadata for mcr.microsoft.com/dotnet/sdk:7.0 0.2s
=> CANCELED [build 1/8] FROM mcr.microsoft.com/dotnet/sdk:7.0@sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 0.0s
=> => resolve mcr.microsoft.com/dotnet/sdk:7.0@sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 0.0s > => sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 1.82kB / 1.82kB 0.0s
=> => sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 1.82kB / 1.82kB 0.0s > => sha256:a1acc0e30787b76c634d2482aaa13e92a0ec9643abccada4c38e1eda26557981 7.16kB / 7.16kB 0.0s
=> => sha256:a2d065a38471c9e4709745012f2fca26a715cfc6975eef5611c65000d4943259 2.01kB / 2.01kB 0.0s > => resolve mcr.microsoft.com/dotnet/aspnet:7.0@sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 0.0s
=> => sha256:a1acc0e30787b76c634d2482aaa13e92a0ec9643abccada4c38e1eda26557981 7.16kB / 7.16kB 0.0s > => sha256:093335d9beee34ed3c51a18def2161f62c15da8b3a21143f2478d10d70d3e3c6 1.37kB / 1.37kB 0.0s
=> CANCELED [final 1/3] FROM mcr.microsoft.com/dotnet/aspnet:7.0@sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 0.0s > ERROR [internal] load build context 0.0s
=> => resolve mcr.microsoft.com/dotnet/aspnet:7.0@sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 0.0s => => resolve mcr.microsoft.com/dotnet/sdk:7.0@sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 0.0s
=> => sha256:1015914ba9e3d3ab350f522aa446d17d7ee68190e431a25c0c11e678081327c7 1.82kB / 1.82kB 0.0s
=> => sha256:a2d065a38471c9e4709745012f2fca26a715cfc6975eef5611c65000d4943259 2.01kB / 2.01kB 0.0s
=> => sha256:a1acc0e30787b76c634d2482aaa13e92a0ec9643abccada4c38e1eda26557981 7.16kB / 7.16kB 0.0s
=> CANCELED [final 1/3] FROM mcr.microsoft.com/dotnet/aspnet:7.0@sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 0.0s
=> => resolve mcr.microsoft.com/dotnet/aspnet:7.0@sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 0.0s
=> => sha256:d43cb7cae013b5411fb9c1065d126585f50b6ccfc42d4c6d8e4e4114eadfb7cf 1.82kB / 1.82kB 0.0s
=> => sha256:093335d9beee34ed3c51a18def2161f62c15da8b3a21143f2478d10d70d3e3c6 1.37kB / 1.37kB 0.0s
=> => sha256:ee7a11c84975fa708fcfc261370e09b844f99fd3a3fc7541ed7c08915eb5112c 3.25kB / 3.25kB 0.0s
=> ERROR [internal] load build context 0.0s
=> => transferring context: 124B 0.0s


[internal] load build context:
failed to solve: error from sender: readdir: open C:\Downloads\netcore-boilerplate\src*: The filename, directory name, or volume label syntax is incorrect.
PS C:\Downloads\netcore-boilerplate>

Dependency Resolution Exception

Hi,

I have forked your repository as a boilerplate and added npgsql to support a Postgres database. However, I am facing an "Autofac.Core.DependencyResolutionException" error even though I have injected the dependency in the GeneralRegisterModule file. Did I inject the repository wrongly?

The flow that I am trying to implement is
Controller --> Service --> Repository

Error
"Autofac.Core.DependencyResolutionException: An exception was thrown while activating ShippingService.Core.Services.ShippingRateService.\r\n ---> Autofac.Core.DependencyResolutionException: None of the constructors found with 'Autofac.Core.Activators.Reflection.DefaultConstructorFinder' on type 'ShippingService.Core.Services.ShippingRateService' can be invoked with the available services and parameters:\r\nCannot resolve parameter 'ShippingService.Core.Repositories.ShippingExpressRepository shippingExpressRepository' of constructor 'Void .ctor(ShippingService.Core.Repositories.ShippingExpressRepository)'.

GeneralRegisterModule.cs

```csharp
builder.RegisterType<ShippingExpressRepository>().As<IShippingExpressRepository>();
builder.RegisterType<ShippingRateService>().As<IShippingRateService>();
```

ShippingRateService

```csharp
private readonly IShippingExpressRepository _shippingExpressRepository;

public ShippingRateService(ShippingExpressRepository shippingExpressRepository)
{
    _shippingExpressRepository = shippingExpressRepository;
}
```

CVE-2024-29992 (Medium) detected in azure.identity.1.10.3.nupkg

CVE-2024-29992 - Medium Severity Vulnerability

Vulnerable Library - azure.identity.1.10.3.nupkg

This is the implementation of the Azure SDK Client Library for Azure Identity

Library home page: https://api.nuget.org/packages/azure.identity.1.10.3.nupkg

Path to dependency file: /src/HappyCode.NetCoreBoilerplate.Db/HappyCode.NetCoreBoilerplate.Db.csproj

Path to vulnerable library: /home/wss-scanner/.nuget/packages/azure.identity/1.10.3/azure.identity.1.10.3.nupkg

Dependency Hierarchy:

  • microsoft.entityframeworkcore.sqlserver.8.0.3.nupkg (Root Library)
    • microsoft.data.sqlclient.5.1.5.nupkg
      • azure.identity.1.10.3.nupkg (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Azure Identity Library for .NET Information Disclosure Vulnerability

Publish Date: 2024-04-09

URL: CVE-2024-29992

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None

Suggested Fix

Type: Upgrade version

Origin: GHSA-wvxc-855f-jvrv

Release Date: 2024-04-09

Fix Resolution: Azure.Identity - 1.11.0


2 Performance Tests Fail with StackTrace in stepStats.RPS and scenarioStats.LatencyCount.

Hi, thanks for putting this together. When I run dotnet test, the unit tests pass, but there are issues with the perf tests. Any ideas?

Test Run Successful.
Total tests: 8
Passed: 8
Total time: 12.7045 Seconds

Test Run Successful.
Total tests: 19
Passed: 19
Total time: 15.5701 Seconds

Test Run Successful.
Total tests: 8
Passed: 8
Total time: 17.6956 Seconds
[xUnit.net 00:00:17.85] HappyCode.NetCoreBoilerplate.Api.LoadTests.CarsControllerTests.GetAll_load_test [FAIL]
X HappyCode.NetCoreBoilerplate.Api.LoadTests.CarsControllerTests.GetAll_load_test [9s 108ms]
Error Message:
Expected stepStats.RPS to be greater or equal to 20, but found 0.

Stack Trace:
at FluentAssertions.Execution.XUnit2TestFramework.Throw(String message)
at FluentAssertions.Execution.TestFrameworkProvider.Throw(String message)
at FluentAssertions.Execution.DefaultAssertionStrategy.HandleFailure(String message)
at FluentAssertions.Execution.AssertionScope.FailWith(Func1 failReasonFunc)
at FluentAssertions.Execution.AssertionScope.FailWith(Func1 failReasonFunc)
at FluentAssertions.Execution.AssertionScope.FailWith(String message, Object[] args)
at FluentAssertions.Numeric.NumericAssertions1.BeGreaterOrEqualTo(T expected, String because, Object[] becauseArgs)
at HappyCode.NetCoreBoilerplate.Api.LoadTests.LoadTestsBase.<>c.<AssertResults>b__7_0(StepStats stepStats) in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\LoadTestsBase.cs:line 75
at System.Collections.Generic.List1.ForEach(Action1 action)
at HappyCode.NetCoreBoilerplate.Api.LoadTests.LoadTestsBase.AssertResults(NodeStats stats) in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\LoadTestsBase.cs:line 72
at HappyCode.NetCoreBoilerplate.Api.LoadTests.LoadTestsBase.ExecuteLoadTest(String action, String method, HttpContent body) in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\LoadTestsBase.cs:line 33
at HappyCode.NetCoreBoilerplate.Api.LoadTests.CarsControllerTests.GetAll_load_test() in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\CarsControllerTests.cs:line 12
[xUnit.net 00:00:24.87] HappyCode.NetCoreBoilerplate.Api.LoadTests.EmployeesControllerTests.Post_with_Get_load_test [FAIL]
X HappyCode.NetCoreBoilerplate.Api.LoadTests.EmployeesControllerTests.Post_with_Get_load_test [7s 254ms]
Error Message:
Expected scenarioStats.LatencyCount.Less800 to be greater or equal to 450, but found 230.

Stack Trace:
at FluentAssertions.Execution.XUnit2TestFramework.Throw(String message)
at FluentAssertions.Execution.TestFrameworkProvider.Throw(String message)
at FluentAssertions.Execution.DefaultAssertionStrategy.HandleFailure(String message)
at FluentAssertions.Execution.AssertionScope.FailWith(Func1 failReasonFunc)
at FluentAssertions.Execution.AssertionScope.FailWith(Func1 failReasonFunc)
at FluentAssertions.Execution.AssertionScope.FailWith(String message, Object[] args)
at FluentAssertions.Numeric.NumericAssertions1.BeGreaterOrEqualTo(T expected, String because, Object[] becauseArgs)
at HappyCode.NetCoreBoilerplate.Api.LoadTests.LoadTestsBase.AssertResults(NodeStats stats) in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\LoadTestsBase.cs:line 70
at HappyCode.NetCoreBoilerplate.Api.LoadTests.LoadTestsBase.ExecuteLoadTests(IStep[] steps) in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\LoadTestsBase.cs:line 43
at HappyCode.NetCoreBoilerplate.Api.LoadTests.EmployeesControllerTests.Post_with_Get_load_test() in C:\Train\netcore EF services\netcore-boilerplate-master\test\HappyCode.NetCoreBoilerplate.Api.LoadTests\EmployeesControllerTests.cs:line 54

Test Run Failed.
Total tests: 4
Passed: 2
Failed: 2
Total time: 35.4091 Seconds
