CVE-2024-50353: ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired.
Users not implemented SAS Uri’s are unaffected.
References
- github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage
- github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff
- github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv
- github.com/advisories/GHSA-24mc-gc52-47jv
- nvd.nist.gov/vuln/detail/CVE-2024-50353
Code Behaviors & Features
Detect and mitigate CVE-2024-50353 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →