Trivy Report generated: 2026-05-11 13:32:53

Scan path: D:\待辦\GIT\RADSite-Code

CRITICAL: 1
HIGH: 42
MEDIUM: 36
LOW: 3

Vulnerabilities: scan results

importCode/Hyweb.UmbracoCMS.ImportData.Backend/packages.config

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-32933 | AutoMapper | HIGH | 3.0.0 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 6.0.8 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | 1.0.0-rc1 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.4.3 |  | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.4.3 |  | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.4.3 | 8.5.0 | Umbraco CMS vulnerable to CSRF |

importCode/Hyweb.UmbracoCMS.ImportData.Business/packages.config

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | 8.0.723, 8.1.722-beta | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | 9.0.892, 9.1.893-beta | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | 5.0.372 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | 1.0.0-rc1 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 |  | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 |  | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | 8.5.0 | Umbraco CMS vulnerable to CSRF |
| CVE-2018-1285 | log4net | CRITICAL | 2.0.8 | 2.0.10 | Apache log4net versions before 2.0.10 do not disable XML external enti ... |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.8 | 3.3.0 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |

importCode/Hyweb.UmbracoCMS.ImportData.Core/packages.config

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-32933 | AutoMapper | HIGH | 3.0.0 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 6.0.8 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | 1.0.0-rc1 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.4.3 |  | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.4.3 |  | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.4.3 | 8.5.0 | Umbraco CMS vulnerable to CSRF |

src/HRD.Extend/packages.config

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | 8.0.723, 8.1.722-beta | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | 9.0.892, 9.1.893-beta | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | 5.0.372 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 1.0.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2021-32842 | SharpZipLib | MEDIUM | 1.0.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-8292 | System.Net.Http | HIGH | 4.3.3 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 |  | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 |  | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | 8.5.0 | Umbraco CMS vulnerable to CSRF |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.17 | 3.3.0 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |

src/HRD.Web/packages.config

| Vulnerability ID | Package | Severity | Installed | Fixed | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | 16.1.1, 15.1.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | 8.0.723, 8.1.722-beta | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | 9.0.892, 9.1.893-beta | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | 5.0.372 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | 2.2.4 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | 4.1.1 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | 4.2.2 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | 1.3.3 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | 1.0.0-rc1 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2018-8292 | System.Net.Http | HIGH | 4.3.3 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
| CVE-2020-29454 | UmbracoCms | MEDIUM | 7.10.4 | 8.10.0 | Incorrect permission enforcement in UmbracoCms |
| CVE-2020-5811 | UmbracoCms | MEDIUM | 7.10.4 | 8.9.2 | Authenticated path traversal in Umbraco CMS |
| CVE-2020-9472 | UmbracoCms | MEDIUM | 7.10.4 | 8.5.4 | Unrestricted Upload of File with Dangerous Type in Umbraco CMS |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 |  | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 |  | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | 8.5.0 | Umbraco CMS vulnerable to CSRF |
| CVE-2016-10735 | bootstrap | MEDIUM | 3.0.0 | 3.4.0, 4.0.0-beta.2 | bootstrap: XSS in the data-target attribute |
| CVE-2018-14040 | bootstrap | MEDIUM | 3.0.0 | 3.4.0, 4.1.2 | bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute |
| CVE-2018-14042 | bootstrap | MEDIUM | 3.0.0 | 4.1.2, 3.4.0 | bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip |
| CVE-2018-20676 | bootstrap | MEDIUM | 3.0.0 | 3.4.0 | bootstrap: XSS in the tooltip data-viewport attribute |
| CVE-2018-20677 | bootstrap | MEDIUM | 3.0.0 | 3.4.0 | bootstrap: XSS in the affix configuration target property |
| CVE-2019-8331 | bootstrap | MEDIUM | 3.0.0 | 4.3.1, 3.4.1 | bootstrap: XSS in the tooltip or popover data-template attribute |
| CVE-2015-9251 | jQuery | MEDIUM | 1.10.2 | 1.12.2, 3.0.0 | jquery: Cross-site scripting via cross-domain ajax requests |
| CVE-2019-11358 | jQuery | MEDIUM | 1.10.2 | 3.4.0 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection |
| CVE-2020-11023 | jQuery | MEDIUM | 1.10.2 | 3.5.0 | jquery: Untrusted code execution via |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.17 | 3.3.0 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |