Security Vulnerabilities in Chutzpah 4.4.11 #803

Open
serhiypukhanov opened this issue Jun 25, 2021 · 2 comments

serhiypukhanov commented Jun 25, 2021

1
Description
ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
Recommendation
Upgrade to version Microsoft.AspNetCore.Server.IISIntegration - 2.1.0, Microsoft.AspNetCore.Hosting - 2.1.0

2
Description
.NET Core Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-24112.
Recommendation
Upgrade to version System.Text.Encodings.Web - 4.5.1, 4.7.2, 5.0.1

3
Description
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names, aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
Recommendation
Upgrade to version Microsoft.AspNetCore.App - 2.1.22, Microsoft.AspNetCore.All - 2.1.22, Microsoft.NETCore.App - 2.1.22, Microsoft.AspNetCore.Http - 2.1.22

4
Chutzpah.4.4.11/tools/Node/packages/node_modules/ws/package.json
Recommendation
Upgrade ws from 5.2.2 to 5.2.3 to fix the vulnerability.
Chutzpah.4.4.11/tools/Node/packages/node_modules/puppeteer-core/node_modules/ws/package.json
Recommendation
Upgrade ws from 6.2.1 to 6.2.2 to fix the vulnerability.

5
Chutzpah.4.4.11/tools/Node/packages/node_modules/ajv/package.json
Recommendation
Upgrade to version ajv - 6.12.3

@serhiypukhanov serhiypukhanov changed the title Security Vulnerability with Chutzpah 4.4.11 Security Vulnerabilities in Chutzpah 4.4.11 Jun 25, 2021
@F-Forget

I'm also seeing those vulnerabilities and I think it'd be very important to fix them!


stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Apr 16, 2022