perf: Minor optimizations #343

Merged
merged 10 commits into from
Dec 5, 2024

Merge branch 'v9' into perf-experiments

2cbdd43
Mend Bolt for GitHub / WhiteSource Security Check failed Dec 5, 2024 in 3m 11s

Security Report

You have successfully remediated 15 vulnerabilities, but introduced 64 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/netstandard1.3/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/net35-full/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/net35-client/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/net40-client/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/net40-full/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2018-1285

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/log4net.2.0.8/lib/net45-full/log4net.dll

Dependency Hierarchy:

-> ❌ log4net-2.0.8.0.dll (Vulnerable Library)

Critical 9.8 log4net-2.0.8.0.dll Upgrade to version: log4net - 2.0.10 #331
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/net46/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to dependency file: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/DbLocalizationProvider.EPiServer.Sample.csproj

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/DbLocalizationProvider.EPiServer.Sample.csproj,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/DbLocalizationProvider.EPiServer.Tests.csproj

Dependency Hierarchy:

-> ❌ system.data.sqlclient.4.4.0.nupkg (Vulnerable Library)

High 8.7 system.data.sqlclient.4.4.0.nupkg Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-0056

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

High 8.7 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6 #332
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/net35/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/net20/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/net40/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/net40/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/net40/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/portable-net40+sl5+win8+wp8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to dependency file: /optimizely/src/DbLocalizationProvider.MigrationTool/DbLocalizationProvider.MigrationTool.csproj

Path to vulnerable library: /optimizely/src/DbLocalizationProvider.MigrationTool/DbLocalizationProvider.MigrationTool.csproj,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/DbLocalizationProvider.EPiServer.Sample.csproj,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/DbLocalizationProvider.EPiServer.Tests.csproj

Dependency Hierarchy:

-> ❌ newtonsoft.json.11.0.2.nupkg (Vulnerable Library)

High 7.5 newtonsoft.json.11.0.2.nupkg Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/net45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/net45/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/net45/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/net45/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/net20/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/net20/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/net20/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/netstandard2.0/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/netstandard2.0/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /common/Tests/DbLocalizationProvider.Tests/packages/Newtonsoft.Json.9.0.1/lib/net40/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-9.0.1.19813.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-9.0.1.19813.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/net35/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/net35/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/net35/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21907

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/Newtonsoft.Json.11.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/optimizely/src/DbLocalizationProvider.MigrationTool/packages/Newtonsoft.Json.11.0.2/lib/netstandard1.0/Newtonsoft.Json.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Newtonsoft.Json.11.0.2/lib/netstandard1.0/Newtonsoft.Json.dll

Dependency Hierarchy:

-> ❌ Newtonsoft.Json-11.0.2.21924.dll (Vulnerable Library)

High 7.5 Newtonsoft.Json-11.0.2.21924.dll Upgrade to version: Newtonsoft.Json - 13.0.1 #283
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.IdentityModel.Tokens.Jwt.5.6.0/lib/net461/System.IdentityModel.Tokens.Jwt.dll

Dependency Hierarchy:

-> ❌ System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.IdentityModel.Tokens.Jwt.5.6.0/lib/net45/System.IdentityModel.Tokens.Jwt.dll

Dependency Hierarchy:

-> ❌ System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.IdentityModel.Tokens.Jwt.5.6.0/lib/netstandard1.4/System.IdentityModel.Tokens.Jwt.dll

Dependency Hierarchy:

-> ❌ System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.IdentityModel.JsonWebTokens.5.6.0/lib/net461/Microsoft.IdentityModel.JsonWebTokens.dll

Dependency Hierarchy:

-> ❌ Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.IdentityModel.JsonWebTokens.5.6.0/lib/net451/Microsoft.IdentityModel.JsonWebTokens.dll

Dependency Hierarchy:

-> ❌ Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.IdentityModel.JsonWebTokens.5.6.0/lib/netstandard1.4/Microsoft.IdentityModel.JsonWebTokens.dll

Dependency Hierarchy:

-> ❌ Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.IdentityModel.JsonWebTokens.5.6.0/lib/netstandard2.0/Microsoft.IdentityModel.JsonWebTokens.dll

Dependency Hierarchy:

-> ❌ Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 Microsoft.IdentityModel.JsonWebTokens-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-21319

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.IdentityModel.Tokens.Jwt.5.6.0/lib/netstandard2.0/System.IdentityModel.Tokens.Jwt.dll

Dependency Hierarchy:

-> ❌ System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll (Vulnerable Library)

Medium 6.8 System.IdentityModel.Tokens.Jwt-5.6.0.61018.dll Upgrade to version: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2 #326
CVE-2024-6531

Path to vulnerable library: /aspnetcore/tests/DbLocalizationProvider.Core.AspNetSample/wwwroot/lib/bootstrap/dist/js/bootstrap.js

Dependency Hierarchy:

-> ❌ bootstrap-4.3.1.js (Vulnerable Library)

Medium 6.4 bootstrap-4.3.1.js Upgrade to version: bootstrap - 5.0.0 None
CVE-2022-34716

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Security.Cryptography.Xml.4.4.2/lib/net461/System.Security.Cryptography.Xml.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Security.Cryptography.Xml.4.4.2/lib/net461/System.Security.Cryptography.Xml.dll

Dependency Hierarchy:

-> ❌ System.Security.Cryptography.Xml-4.6.26418.02.dll (Vulnerable Library)

Medium 5.9 System.Security.Cryptography.Xml-4.6.26418.02.dll Upgrade to version: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1 #336
CVE-2022-34716

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Security.Cryptography.Xml.4.4.2/lib/netstandard2.0/System.Security.Cryptography.Xml.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Security.Cryptography.Xml.4.4.2/lib/netstandard2.0/System.Security.Cryptography.Xml.dll

Dependency Hierarchy:

-> ❌ System.Security.Cryptography.Xml-4.6.26418.02.dll (Vulnerable Library)

Medium 5.9 System.Security.Cryptography.Xml-4.6.26418.02.dll Upgrade to version: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1 #336
CVE-2022-34716

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Security.Cryptography.Xml.4.4.2/System.Security.Cryptography.Xml.4.4.2.nupkg,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Security.Cryptography.Xml.4.4.2/System.Security.Cryptography.Xml.4.4.2.nupkg

Dependency Hierarchy:

-> ❌ system.security.cryptography.xml.4.4.2.nupkg (Vulnerable Library)

Medium 5.9 system.security.cryptography.xml.4.4.2.nupkg Upgrade to version: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1 #336
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Data.SqlClient.4.4.0/lib/netstandard1.2/System.Data.SqlClient.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Data.SqlClient.4.4.0/lib/netstandard1.2/System.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ System.Data.SqlClient-4.6.25519.03.dll (Vulnerable Library)

Medium 5.8 System.Data.SqlClient-4.6.25519.03.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/net46/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Data.SqlClient.4.4.0/lib/netstandard2.0/System.Data.SqlClient.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Data.SqlClient.4.4.0/lib/netstandard2.0/System.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ System.Data.SqlClient-4.6.25519.03.dll (Vulnerable Library)

Medium 5.8 System.Data.SqlClient-4.6.25519.03.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to dependency file: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/DbLocalizationProvider.EPiServer.Sample.csproj

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/DbLocalizationProvider.EPiServer.Sample.csproj,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/DbLocalizationProvider.EPiServer.Tests.csproj

Dependency Hierarchy:

-> ❌ system.data.sqlclient.4.4.0.nupkg (Vulnerable Library)

Medium 5.8 system.data.sqlclient.4.4.0.nupkg Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netcoreapp2.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/win/lib/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/runtimes/unix/lib/netcoreapp3.1/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/Microsoft.Data.SqlClient.2.0.1/ref/netstandard2.0/Microsoft.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ Microsoft.Data.SqlClient-2.0.20168.4.dll (Vulnerable Library)

Medium 5.8 Microsoft.Data.SqlClient-2.0.20168.4.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Data.SqlClient.4.4.0/lib/netstandard1.3/System.Data.SqlClient.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Data.SqlClient.4.4.0/lib/netstandard1.3/System.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ System.Data.SqlClient-4.6.25519.03.dll (Vulnerable Library)

Medium 5.8 System.Data.SqlClient-4.6.25519.03.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Data.SqlClient.4.4.0/runtimes/unix/lib/netstandard2.0/System.Data.SqlClient.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Data.SqlClient.4.4.0/runtimes/unix/lib/netstandard2.0/System.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ System.Data.SqlClient-4.6.25519.03.dll (Vulnerable Library)

Medium 5.8 System.Data.SqlClient-4.6.25519.03.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339
CVE-2022-41064

Path to vulnerable library: /optimizely/tests/DbLocalizationProvider.EPiServer.Sample/packages/System.Data.SqlClient.4.4.0/runtimes/win/lib/netstandard2.0/System.Data.SqlClient.dll,/optimizely/tests/DbLocalizationProvider.EPiServer.Tests/packages/System.Data.SqlClient.4.4.0/runtimes/win/lib/netstandard2.0/System.Data.SqlClient.dll

Dependency Hierarchy:

-> ❌ System.Data.SqlClient-4.6.25519.03.dll (Vulnerable Library)

Medium 5.8 System.Data.SqlClient-4.6.25519.03.dll Upgrade to version: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5 #339

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-32035 sixlabors.imagesharp.2.1.7.nupkg
CVE-2024-43483 microsoft.extensions.caching.memory.6.0.0.nupkg
CVE-2024-32036 sixlabors.imagesharp.2.1.7.nupkg
CVE-2024-43485 system.text.json.6.0.0.nupkg
CVE-2019-0820 system.text.regularexpressions.4.3.0.nupkg
CVE-2024-41132 sixlabors.imagesharp.2.1.7.nupkg
CVE-2018-8292 system.net.http.4.3.0.nupkg
CVE-2024-41131 sixlabors.imagesharp.2.1.7.nupkg
CVE-2024-43484 system.io.packaging.6.0.0.nupkg
CVE-2024-43485 system.text.json.6.0.9.nupkg
CVE-2024-43485 system.text.json.8.0.4.nupkg
CVE-2024-38095 system.formats.asn1.6.0.0.nupkg
CVE-2024-43483 system.io.packaging.6.0.0.nupkg
CVE-2024-43483 microsoft.extensions.caching.memory.8.0.0.nupkg
CVE-2023-29331 system.security.cryptography.pkcs.6.0.1.nupkg

Base branch total remaining vulnerabilities: 135
Base branch commit: 5be72f49c863e6cee723356e324f7cc63ed3bd2a


Total libraries scanned: 828

Scan token: 8fe4f0962a634a0d8a6fea307d2db565