Scouttlo
ENES
All ideas/devtools/Plataforma SaaS de análisis y mitigación automática de vulnerabilidades en dependencias transitorias de proyectos .NET con recomendaciones y parches.
GitHubB2Bdevtools

Plataforma SaaS de análisis y mitigación automática de vulnerabilidades en dependencias transitorias de proyectos .NET con recomendaciones y parches.

Scouted 6 hours ago

6.8/ 10
Overall score

Turn this signal into an edge

We help you build it, validate it, and get there first.

Go from idea to plan: who buys, what MVP to launch, how to validate it, and what to measure before spending months.

Extra context

Learn more about this idea

Get a clearer explanation of what the opportunity means, the current problem behind it, how this idea solves it, and the key concepts involved.

Share your email to view this expanded analysis.

Score breakdown

Urgency8.0
Market size7.0
Feasibility7.0
Competition5.0
Pain point

Vulnerabilidad de denegación de servicio en librerías transitorias de .NET que afecta la seguridad de aplicaciones.

Who'd pay for this

Equipos de desarrollo de software, empresas que mantienen proyectos en .NET, y proveedores de software que buscan asegurar sus cadenas de dependencias.

Source signal

"A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings"

Original post

nunit3testadapter.3.9.0.nupkg: 1 vulnerabilities (highest severity is: 7.5) reachable

Published: 6 hours ago

Repository: jgeraigery/coremltools Author: mend-for-github-com[bot] <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - <b>nunit3testadapter.3.9.0.nupkg</b></summary> <p></p> <p>Path to dependency file: /deps/protobuf/csharp/src/Google.Protobuf.Conformance/Google.Protobuf.Conformance.csproj</p> <p>Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg</p> <p> <p>Found in HEAD commit: <a href="https://github.com/jgeraigery/coremltools/commit/cb187ac68bbd85399a27da116bd477a755448e9e">cb187ac68bbd85399a27da116bd477a755448e9e</a></p></details> ## Vulnerabilities | Vulnerability | Severity | <img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS | Exploit Maturity | EPSS | Dependency | Type | Fixed in (nunit3testadapter.3.9.0.nupkg version) | Remediation Possible** | Reachability | | ------------- | ------------- | ----- | ----- | ----- | ----- | ----- | ------------- | --- | --- | | [CVE-2019-0820](https://www.mend.io/vulnerability-database/CVE-2019-0820) | <img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> High | 7.5 | Not Defined | 2.7% | system.text.regularexpressions.4.3.0.nupkg | Transitive | N/A* | &#10060;|<p align="center"><img src='https://whitesource-resources.whitesourcesoftware.com/viaRed.png' width=19 height=20> Reachable</p> | <p>*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.</p><p>**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation</p> ## Details <details> <summary><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png?' width=19 height=20> <img src='https://whitesource-resources.whitesourcesoftware.com/viaRed.png' width=19 height=20> CVE-2019-0820</summary> ### Vulnerable Library - <b>system.text.regularexpressions.4.3.0.nupkg</b> <p>Provides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...</p> <p>Library home page: <a href="https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg">https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg</a></p> <p>Path to dependency file: /deps/protobuf/csharp/src/Google.Protobuf.Benchmarks/Google.Protobuf.Benchmarks.csproj</p> <p>Path to vulnerable library: /opt/containerbase/tools/dotnet/sdk/NuGetFallbackFolder/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg</p> <p> Dependency Hierarchy: - nunit3testadapter.3.9.0.nupkg (Root Library) - system.xml.xmldocument.4.3.0.nupkg - system.xml.readerwriter.4.3.0.nupkg - :x: **system.text.regularexpressions.4.3.0.nupkg** (Vulnerable Library) <p>Found in HEAD commit: <a href="https://github.com/jgeraigery/coremltools/commit/cb187ac68bbd85399a27da116bd477a755448e9e">cb187ac68bbd85399a27da116bd477a755448e9e</a></p> <p>Found in base branch: <b>main</b></p> </p> <p></p> ### Reachability Analysis This vulnerability is potentially reachable ``` System.Text.RegularExpressions.RegexMatchTimeoutException (Application) -> System.Text.RegularExpressions.RegexRunner (Extension) -> System.Text.RegularExpressions.Regex (Extension) -> ❌ Google.Protobuf.JsonParser (Vulnerable Component) ``` </p> <p></p> ### Vulnerability Details <p> A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. <p>Publish Date: 2019-05-16 <p>URL: <a href=https://www.mend.io/vulnerability-database/CVE-2019-0820>CVE-2019-0820</a></p> </p> <p></p> ### Threat Assessment <p> <p>Exploit Maturity: Not Defined</p> <p>EPSS: 2.7%</p> </p> <p></p> ### CVSS 3 Score Details (<b>7.5</b>) <p> Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High </p> For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>. </p> <p></p> ### Suggested Fix <p> <p>Type: Upgrade version</p> <p>Origin: <a href="https://github.com/advisories/GHSA-cmhx-cq75-c4mj">https://github.com/advisories/GHSA-cmhx-cq75-c4mj</a></p> <p>Release Date: 2019-05-16</p> <p>Fix Resolution: System.Text.RegularExpressions - 4.3.1</p> </p> <p></p> </details>

View on github

Related in devtools

RSSB2Bdevtools
8.3

Plataforma que calcula automáticamente el tamaño óptimo de modelo, volumen de datos de entrenamiento y presupuesto de inferencia usando Train-to-Test scaling laws

21 hours ago
Details
ProductHuntB2Bdevtools
8.0

Plataforma que analiza y optimiza sitios web para compatibilidad con agentes de IA, incluyendo auditorías automáticas, recomendaciones de mejora y herramientas de implementación.

3 days ago
Details
HNB2Bdevtools
7.8

Una plataforma SaaS de gestión de acceso a infraestructuras cloud que permita control granular, automatización de permisos y credenciales de corta duración, con integración sencilla y sin necesidad de infraestructura propia.

6 hours ago
Details
HNB2Bdevtools
7.8

Plataforma que ayuda a empresas SaaS tradicionales a integrar y orquestar agentes de IA en sus productos existentes para mantener competitividad.

21 hours ago
Details
Open source