DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) #40

mend-bolt-for-github · 2023-08-04T22:56:49Z

Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll

DotNetNuke.Modules.DigitalAssets

Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.9.0.nupkg

Path to vulnerable library: /References/DNN/09.09.00/DotNetNuke.Modules.DigitalAssets.dll

Found in HEAD commit: 61d68e66aa3757662eeaa470752485e0352ecd9b

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (DotNetNuke.Modules.DigitalAssets version)	Remediation Possible**
CVE-2022-47053	Medium	5.4	DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll	Direct	DotNetNuke.Bundle - 9.11.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-47053

Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll

DotNetNuke.Modules.DigitalAssets

Library home page: https://api.nuget.org/packages/dotnetnuke.bundle.9.9.0.nupkg

Path to vulnerable library: /References/DNN/09.09.00/DotNetNuke.Modules.DigitalAssets.dll

Dependency Hierarchy:

❌ DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll (Vulnerable Library)

Found in HEAD commit: 61d68e66aa3757662eeaa470752485e0352ecd9b

Found in base branch: dev

Vulnerability Details

An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file.

Publish Date: 2023-04-12

URL: CVE-2022-47053

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.dnnsoftware.com/community/security/security-center#:~:text=XSS%20in%20Digital%20Asset%20Manager

Release Date: 2023-04-12

Fix Resolution: DotNetNuke.Bundle - 9.11.0

Step up your Open Source Security Game with Mend here

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by Mend label Aug 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) #40

DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) #40

mend-bolt-for-github bot commented Aug 4, 2023 •

edited

Loading

Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll

Vulnerability Details

CVSS 3 Score Details (5.4)

Suggested Fix

DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) #40

DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll: 1 vulnerabilities (highest severity is: 5.4) #40

Comments

mend-bolt-for-github bot commented Aug 4, 2023 • edited Loading

Vulnerabilities

Details

Vulnerable Library - DotNetNuke.Modules.DigitalAssets-9.9.0.0.dll

Vulnerability Details

CVSS 3 Score Details (5.4)

Suggested Fix

mend-bolt-for-github bot commented Aug 4, 2023 •

edited

Loading