`Microsoft.Owin` and `Microsoft.Owin.Security.Cookies` marked as vulnerable on NuGet.org
Hi there,
My CI/CD pipelines failed with the following information:

```
Top-level Package                     Requested   Resolved   Severity   Advisory URL
> Microsoft.Owin.Security.Cookies     4.2.2       4.2.2      High       https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

Transitive Package     Resolved   Severity   Advisory URL
> Microsoft.Owin       4.2.2      High       https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
```

According to https://github.com/advisories/GHSA-3rq8-h3gj-r5c6, the following packages in version 4.2.2 should not be affected by CVE-2022-29117.
Is the vulnerability warning on NuGet.org marked by accident?
Issue Analytics
- State:
- Created a year ago
- Reactions:1
- Comments:14 (7 by maintainers)
Top GitHub Comments
It’s also still being flagged in VS. I’ve pinged the nuget team.
Fixed (for reals this time 😆) in VS and https://api.nuget.org/v3/registration5-gz-semver2/microsoft.owin.security.cookies/index.json
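
To confirm whether a version is still flagged in a registration index like the one linked above, the following added example (not code from the issue or from the NuGet project) walks a registration document and reports every version whose `catalogEntry` carries a `vulnerabilities` entry. The two sample documents are constructed for illustration; the `"constructed-page-*"` ids and the `sample_index` helper are hypothetical, and only leaves inlined in the index are inspected.

```python
# Severity codes NuGet uses in registration "vulnerabilities" entries.
SEVERITY = {"0": "Low", "1": "Moderate", "2": "High", "3": "Critical"}
ADVISORY = "https://github.com/advisories/GHSA-3rq8-h3gj-r5c6"


def flagged_versions(index):
    """Return (flagged, unfetched) for a parsed registration index.

    flagged   -> {version: [(severity, advisoryUrl), ...]}
    unfetched -> "@id" of pages with no inline leaves; those pages must be
                 downloaded separately, so the result is incomplete until then.
    """
    flagged, unfetched = {}, []
    for page in index.get("items", []):
        leaves = page.get("items")
        if leaves is None:
            unfetched.append(page.get("@id"))
            continue
        for leaf in leaves:
            entry = leaf.get("catalogEntry", {})
            vulns = entry.get("vulnerabilities") or []
            if vulns:
                flagged[entry["version"]] = [
                    (SEVERITY.get(str(v.get("severity")), "Unknown"),
                     v.get("advisoryUrl"))
                    for v in vulns
                ]
    return flagged, unfetched


def sample_index(flag_422):
    """Constructed sample: 4.2.2 flagged as in the report, or unflagged."""
    entry = {"id": "Microsoft.Owin.Security.Cookies", "version": "4.2.2"}
    if flag_422:
        entry["vulnerabilities"] = [{"advisoryUrl": ADVISORY, "severity": "2"}]
    return {"items": [
        {"@id": "constructed-page-1", "items": [{"catalogEntry": entry}]},
        {"@id": "constructed-page-2"},  # page without inline leaves
    ]}


if __name__ == "__main__":
    for label in (True, False):
        print("flagged" if label else "cleared", flagged_versions(sample_index(label)))
```

Against the live feed, parse the JSON from the registration URL first (the `-gz-` registration hives are served gzip-compressed) and fetch any page listed in `unfetched` before trusting an empty result.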