Created
April 28, 2017 21:47
-
-
Save seanmarpo/b4181f9ded0ea2af3a09bc6079e7a4d1 to your computer and use it in GitHub Desktop.
DevAudit Output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample> devaudit.exe nuget . | |
_____ _______ __ __ __ | |
| \ .-----..--.--.| _ |.--.--..--| ||__|| |_ | |
| -- || -__|| | || || | || _ || || _| | |
|_____/ |_____| \___/ |___|___||_____||_____||__||____| | |
v2.0.3.52 | |
21:46:21<01> [AUDIT] [STATUS] Scanning NuGet packages. | |
Scanning NuGet packages... | |
21:46:21<01> [AUDIT] [SUCCESS] Scanned 33 NuGet packages. | |
Searching OSS Index for vulnerabilities for 33 packages... | |
21:46:22<05> [AUDIT] [SUCCESS] Found 13 vulnerabilities for 33 package(s) on OSS Index in 1184 ms. | |
21:46:22<05> [AUDIT] [INFO] Evaluated 13 vulnerabilities with 3 matches to package version in 103 ms. | |
Package Source Audit Results | |
============================ | |
3 total vulnerabilities found in NuGet package source audit. Total time for audit: 1365 ms. | |
[1/6] jQuery [VULNERABLE] 7 known vulnerabilities, 2 affecting installed package version(s): [2.2.3] | |
--[1/2] [Duplicate] Cross Site Scripting (XSS) | |
--Description: See https://ossindex.net/resource/vulnerability/8399962417 | |
Requests to third-party resources with a text/javascript response type are automatically evaluated, which can result in | |
the execution of arbitrary code. | |
--Affected versions: >1.12.3 <3.0.0-beta1 | |
--[2/2] Cross Site Scripting (XSS) in parseHTML | |
--Description: > Scripts passed in event attributes are executed in parseHTML immediately, without any possibility for | |
the user to intervene | |
> | |
> -- [github.com](https://github.com/jquery/jquery/pull/1505) | |
--Affected versions: <3.0.0 | |
[2/6] bootstrap.less [VULNERABLE] 2 known vulnerabilities, 1 affecting installed package version(s): [3.3.6] | |
--[1/1] Cross Site Scripting (XSS) in data-target attribute | |
--Description: The data-target attribute is vulnerable to Cross-Site Scripting attacks when user-data is supplied to t | |
he data-target attribute. | |
--Affected versions: <= 3.3.7 | |
[3/6] Glimpse 1 known vulnerability, 0 affecting installed package version(s). | |
[4/6] Glimpse.AspNet 1 known vulnerability, 0 affecting installed package version(s). | |
[5/6] jQuery.Validation 1 known vulnerability, 0 affecting installed package version(s). | |
[6/6] Microsoft.AspNet.Mvc 1 known vulnerability, 0 affecting installed package version(s). | |
PS C:\Users\seanm\Desktop\test\Templates-master\Source\MVC5\Boilerplate.Web.Mvc5.Sample> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment