This repo is full of vulnerable NuGet packages in both top-level and transitive packages. Some of the vulnerabilities are years old.
Here's the list of the top-level vulnerable packages:
Microsoft.AspNetCore.App 2.2.0 GHSA-6px8-22w5-w334 and GHSA-prrf-397v-83xh
Microsoft.NETCore.App 2.2.0 GHSA-6px8-22w5-w334 and GHSA-2xjx-v99w-gqf3 and GHSA-x5qj-9vmx-7g6g
MongoDB.Driver 2.10.0 GHSA-7j9m-j397-g4wx
Newtonsoft.Json 12.0.3 GHSA-5crp-9r3c-p9vr
System.IdentityModel.Tokens.Jwt 5.6.0 GHSA-59j7-ghrg-fj52
In the transitive package vulnerabilities, there are two critical vulnerabilities with 9.8 ratings.
GHSA-w65q-jcmv-28gj, published in 2023, is remote code execution.
GHSA-w65q-jcmv-28gj, published in 2021, is also remote code execution.
All of these vulnerable packages have patched versions that fix the vulnerabilities.