`Microsoft.Owin` and `Microsoft.Owin.Security.Cookies` marked as vulnerable on NuGet.org

Hi there,

My CI/CD pipelines failed with the following information:

```
   Top-level Package                      Requested   Resolved   Severity   Advisory URL
   > Microsoft.Owin.Security.Cookies      4.2.2       4.2.2      High       https://github.com/advisories/GHSA-3rq8-h3gj-r5c6

   Transitive Package      Resolved   Severity   Advisory URL
   > Microsoft.Owin        4.2.2      High       https://github.com/advisories/GHSA-3rq8-h3gj-r5c6
```

According to https://github.com/advisories/GHSA-3rq8-h3gj-r5c6, the following packages in version 4.2.2 should not be affected by CVE-2022-29117:

Microsoft.Owin 4.2.2 vulnerable

Microsoft.Owin.Security.Cookies 4.2.2 vulnerable

Is the vulnerability warning on NuGet.org marked by accident?

Issue Analytics

  • State: closed
  • Created a year ago
  • Reactions: 1
  • Comments: 14 (7 by maintainers)

Top GitHub Comments

3 reactions
Tratcher commented, Sep 1, 2022

It’s also still being flagged in VS. I’ve pinged the nuget team.

2 reactions
Tratcher commented, Sep 7, 2022
