You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PS D:\git\akkadotnet\akka.net\src> dotnet list package --vulnerable --include-transitive
The following sources were used:
https://api.nuget.org/v3/index.json
C:\Program Files (x86)\Microsoft SDKs\NuGetPackages\
https://feed.sdkbin.com/auth/a90bce42-bd9f-4495-911b-dc2969ff7da4/sdkbin-phobos/v3/index.json
D:\nuget
The given project `PingPong` has no vulnerable packages given the current sources.
The given project `Akka.Remote.Tests` has no vulnerable packages given the current sources.
The given project `Akka.TestKit` has no vulnerable packages given the current sources.
The given project `Akka.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Remote` has no vulnerable packages given the current sources.
The given project `Akka` has no vulnerable packages given the current sources.
The given project `Akka.TestKit.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Tests.Shared.Internals` has no vulnerable packages given the current sources.
The given project `Akka.Cluster` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Remote.TestKit` has no vulnerable packages given the current sources.
The given project `Akka.Remote.TestKit.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.TCK` has no vulnerable packages given the current sources.
The given project `Akka.Persistence` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.TCK.Tests` has no vulnerable packages given the current sources.
The given project `Akka.TestKit.Xunit2` has no vulnerable packages given the current sources.
Project `Akka.Persistence.Sql.Common` has the following vulnerable packages
[netstandard2.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
[net6.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
Project `Akka.Cluster.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
Project `Akka.Remote.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
Project `Akka.Persistence.Sqlite` has the following vulnerable packages
[netstandard2.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
[net6.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
Project `Akka.Persistence.Sqlite.Tests` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `Akka.Serialization.TestKit` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Sharding` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Tools` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Tools.Tests` has no vulnerable packages given the current sources.
Project `Akka.Cluster.Sharding.Tests` has the following vulnerable packages
[net471]: No vulnerable packages for this framework.
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `Akka.Tests.Performance` has no vulnerable packages given the current sources.
The given project `Akka.Remote.Tests.Performance` has no vulnerable packages given the current sources.
The given project `Akka.Streams` has no vulnerable packages given the current sources.
The given project `Akka.Streams.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Streams.TestKit` has no vulnerable packages given the current sources.
Project `Akka.API.Tests` has the following vulnerable packages
[net471]: No vulnerable packages for this framework.
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `Akka.Streams.TestKit.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.TestKit` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Query` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Query.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Streams.Tests.Performance` has no vulnerable packages given the current sources.
Project `Akka.Persistence.Query.Sql` has the following vulnerable packages
[netstandard2.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
[net6.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
Project `Akka.Cluster.Tools.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
Project `Akka.Persistence.Sql.TestKit` has the following vulnerable packages
[netstandard2.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `Akka.Streams.Tests.TCK` has no vulnerable packages given the current sources.
Project `Akka.Cluster.Sharding.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
The given project `Akka.DistributedData` has no vulnerable packages given the current sources.
The given project `Akka.DistributedData.Tests` has no vulnerable packages given the current sources.
Project `Akka.DistributedData.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
The given project `Akka.Serialization.Hyperion` has no vulnerable packages given the current sources.
The given project `Akka.Serialization.Hyperion.Tests` has no vulnerable packages given the current sources.
The given project `Akka.TestKit.Xunit` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Tests.Performance` has no vulnerable packages given the current sources.
The given project `Akka.DistributedData.LightningDB` has no vulnerable packages given the current sources.
The given project `RemotePingPong` has no vulnerable packages given the current sources.
Project `ClusterSharding.Node` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `ChatMessages` has no vulnerable packages given the current sources.
The given project `ChatServer` has no vulnerable packages given the current sources.
The given project `ChatClient` has no vulnerable packages given the current sources.
The given project `Samples.Cluster.Simple` has no vulnerable packages given the current sources.
The given project `Samples.Cluster.Transformation` has no vulnerable packages given the current sources.
The given project `Akka.FSharp` has no vulnerable packages given the current sources.
The given project `Akka.FSharp.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Benchmarks` has no vulnerable packages given the current sources.
The given project `SpawnBenchmark` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.FSharp` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.TestKit` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.TestKit.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.TestKit.Xunit2` has no vulnerable packages given the current sources.
The given project `Akka.Docs.Tests` has no vulnerable packages given the current sources.
The given project `Akka.Docs.Tutorials` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Metrics` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Metrics.Tests` has no vulnerable packages given the current sources.
Project `Akka.Cluster.Metrics.Tests.MultiNode` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Net.Http 4.1.0 High https://github.com/advisories/GHSA-7jgj-8wvc-jh57
> System.Security.Cryptography.X509Certificates 4.1.0 High https://github.com/advisories/GHSA-7mfr-774f-w5r9
The given project `Akka.Coordination` has no vulnerable packages given the current sources.
The given project `Akka.Coordination.Tests` has no vulnerable packages given the current sources.
The given project `TcpEchoService.Server` has no vulnerable packages given the current sources.
The given project `Akka.Discovery` has no vulnerable packages given the current sources.
The given project `Akka.Discovery.Tests` has no vulnerable packages given the current sources.
The given project `Samples.Cluster.AdaptiveGroup` has no vulnerable packages given the current sources.
The given project `Samples.Cluster.Metrics` has no vulnerable packages given the current sources.
The given project `Samples.Cluster.Metrics.Common` has no vulnerable packages given the current sources.
The given project `Akka.DependencyInjection` has no vulnerable packages given the current sources.
The given project `Akka.DependencyInjection.Tests` has no vulnerable packages given the current sources.
The given project `Samples.Akka.AspNetCore` has no vulnerable packages given the current sources.
The given project `SerializationBenchmarks` has no vulnerable packages given the current sources.
The given project `DDataStressTest` has no vulnerable packages given the current sources.
Project `Akka.Cluster.Benchmarks` has the following vulnerable packages
[net8.0]:
Transitive Package Resolved Severity Advisory URL
> System.Text.RegularExpressions 4.3.0 High https://github.com/advisories/GHSA-cmhx-cq75-c4mj
The given project `ShoppingCart` has no vulnerable packages given the current sources.
The given project `HelloWorld` has no vulnerable packages given the current sources.
The given project `Akka.AspNetCore` has no vulnerable packages given the current sources.
The given project `AkkaHeadlesssService` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Custom` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Custom.Tests` has no vulnerable packages given the current sources.
The given project `AkkaWindowsService` has no vulnerable packages given the current sources.
The given project `Akka.Cluster.Cpu.Benchmark` has no vulnerable packages given the current sources.
The given project `SampleSubscriber` has no vulnerable packages given the current sources.
The given project `SamplePublisher` has no vulnerable packages given the current sources.
The given project `SampleDestination` has no vulnerable packages given the current sources.
The given project `SampleSender` has no vulnerable packages given the current sources.
The given project `PersistenceExample` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Query.InMemory` has no vulnerable packages given the current sources.
The given project `Akka.Persistence.Query.InMemory.Tests` has no vulnerable packages given the current sources.
The given project `ClusterToolsExample.Shared` has no vulnerable packages given the current sources.
The given project `ClusterToolsExample.Seed` has no vulnerable packages given the current sources.
The given project `ClusterToolsExample.Node` has no vulnerable packages given the current sources.
The text was updated successfully, but these errors were encountered:
I guess we're not done with this CVE, there are some packages that still need to be cleaned up.
The problems below are packages that are still affected after these modifications:
Source NuGet package chain
System.Net.Http 4.1.0
System.Text.RegularExpressions 4.1.0/4.3.0
System.Security.Cryptography.X509Certificates 4.1.0
Affected projects
Affected public NuGet packages:
Inconsequential affected test/sample projects:
The text was updated successfully, but these errors were encountered: