GHSA-24mc-gc52-47jv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-24mc-gc52-47jv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-24mc-gc52-47jv/GHSA-24mc-gc52-47jv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-24mc-gc52-47jv
- Aliases
- Published
- 2024-10-30T14:40:58Z
- Modified
- 2024-10-30T16:26:01.874094Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
- Details
-
Impact
Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.
Users not implemented SAS Uri's are unaffected.
Patches
This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP.
Workarounds
None
- References
-
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv
- https://nvd.nist.gov/vuln/detail/CVE-2024-50353
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff
- https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage
Affected packages
NuGet / ICG.AspNetCore.Utilities.CloudStorage
Package
- Name
- ICG.AspNetCore.Utilities.CloudStorage
- View open source insights on deps.dev
- Purl
- pkg:nuget/ICG.AspNetCore.Utilities.CloudStorage