case insensitive purl search #238

prabhu · 2025-12-17T23:51:55Z

vdb --search pkg:nuget/[email protected]                                                                                                                                                                                  (base)

             ___
  /\  ._  ._  | |_  ._ _   _. _|_
 /--\ |_) |_) | | | | (/_ (_|  |_
      |   |

                                                                                                                      VDB Results
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ CVE            ┃ Locators                                         ┃ Fix Version ┃ Description                                                                                                   ┃ Affected Symbols                                   ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE-2022-34716 │ pkg:nuget/[email protected] │ 6.0.1       │ ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ │                                                    │
│                │                                                  │             │ ┃                                 .NET Information Disclosure Vulnerability                                 ┃ │                                                    │
│                │                                                  │             │ ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛ │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │ Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1   │                                                    │
│                │                                                  │             │ and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to  │                                                    │
│                │                                                  │             │ remove this vulnerability.                                                                                    │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │ An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized  │                                                    │
│                │                                                  │             │ access of privileged information.                                                                             │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                               Affected software                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │  • Any .NET 6.0 application running on .NET 6.0.7 or earlier.                                                 │                                                    │
│                │                                                  │             │  • Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier.                                      │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │ If your application uses the following package versions, ensure you update to the latest version of .NET.     │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                 .NET Core 3.1                                                 │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │   Package name                                        Affected version   Patched version                      │                                                    │
│                │                                                  │             │  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━                     │                                                    │
│                │                                                  │             │   System.Security.Cryptography.Xml                    <=4.7.0            4.7.1                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-x64            >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-x64          >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-x86            >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.osx-x64            >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-x64     >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-arm64        >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-arm          >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-arm64          >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-arm            >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-arm64   >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-arm     >=3.1.0, 3.1.27    3.1.28                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                    .NET 6                                                     │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │   Package name                                        Affected version   Patched version                      │                                                    │
│                │                                                  │             │  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━                     │                                                    │
│                │                                                  │             │   System.Security.Cryptography.Xml                    >=5.0.0, 6.0.0     6.0.1                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-x64            >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-x64          >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-x86            >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.osx-x64            >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-x64     >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-arm64        >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-arm          >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-arm64          >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.win-arm            >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.osx-arm64          >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-arm64   >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │   Microsoft.AspNetCore.App.Runtime.linux-musl-arm     >=6.0.0, 6.0.7     6.0.8                                │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                    Patches                                                    │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │  • If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio  │                                                    │
│                │                                                  │             │    2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0.                                    │                                                    │
│                │                                                  │             │  • If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019      │                                                    │
│                │                                                  │             │    v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.                                         │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                     Other                                                     │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │ Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232 An Issue for   │                                                    │
│                │                                                  │             │ this can be found at https://github.com/dotnet/aspnetcore/issues/43166 MSRC details for this can be found at  │                                                    │
│                │                                                  │             │ https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716                                          │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │                                                    Aliases                                                    │                                                    │
│                │                                                  │             │                                                                                                               │                                                    │
│                │                                                  │             │ BIT-dotnet-2022-34716, BIT-dotnet-sdk-2022-34716, BIT-powershell-2022-34716, CVE-2022-34716                   │                                                    │
└────────────────┴──────────────────────────────────────────────────┴─────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────────────────────────┘

Signed-off-by: Prabhu Subramanian <[email protected]>

case insensitive purl search

5218c22

Signed-off-by: Prabhu Subramanian <[email protected]>

prabhu mentioned this pull request Dec 17, 2025

Bug: V6 no vulnerability found for pkg:nuget/[email protected] owasp-dep-scan/dep-scan#461

Closed

prabhu merged commit c5cb4bc into master Dec 17, 2025
15 checks passed

prabhu deleted the fix/case-insensitive-purl-search branch December 17, 2025 23:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

case insensitive purl search #238

case insensitive purl search #238

Uh oh!

prabhu commented Dec 17, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

case insensitive purl search #238

case insensitive purl search #238

Uh oh!

Conversation

prabhu commented Dec 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

prabhu commented Dec 17, 2025 •

edited

Loading