Trivy Report generated at: 2026-05-11 13:32:53

Scan path: D:\待辦\GIT\RADSite-Code

CRITICAL: 1
HIGH: 42
MEDIUM: 36
LOW: 3

Vulnerabilities: vulnerability scan results

importCode/Hyweb.UmbracoCMS.ImportData.Backend/packages.config

| Vulnerability ID | Package | Severity | Installed | Title |
|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.0.0 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 6.0.8 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.4.3 | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.4.3 | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.4.3 | Umbraco CMS vulnerable to CSRF |

importCode/Hyweb.UmbracoCMS.ImportData.Business/packages.config

| Vulnerability ID | Package | Severity | Installed | Title |
|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to CSRF |
| CVE-2018-1285 | log4net | CRITICAL | 2.0.8 | Apache log4net versions before 2.0.10 do not disable XML external enti ... |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.8 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |

importCode/Hyweb.UmbracoCMS.ImportData.Core/packages.config

| Vulnerability ID | Package | Severity | Installed | Title |
|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.0.0 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 6.0.8 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.4.3 | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.4.3 | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.4.3 | Umbraco CMS vulnerable to CSRF |

src/HRD.Extend/packages.config

| Vulnerability ID | Package | Severity | Installed | Title |
|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 1.0.0 | Path Traversal in SharpZipLib |
| CVE-2021-32842 | SharpZipLib | MEDIUM | 1.0.0 | Path Traversal in SharpZipLib |
| CVE-2018-8292 | System.Net.Http | HIGH | 4.3.3 | Core: information disclosure due to authentication information exposed in a redirect |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to CSRF |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.17 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |

src/HRD.Web/packages.config

| Vulnerability ID | Package | Severity | Installed | Title |
|---|---|---|---|---|
| CVE-2026-32933 | AutoMapper | HIGH | 3.3.1 | AutoMapper Vulnerable to Denial of Service (DoS) via Uncontrolled Recursion |
| CVE-2023-44390 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content |
| CVE-2026-25543 | HtmlSanitizer | MEDIUM | 3.4.156 | HtmlSanitizer has a bypass via template tag |
| CVE-2020-26293 | HtmlSanitizer | LOW | 3.4.156 | XSS in HtmlSanitizer |
| CVE-2023-33170 | Microsoft.AspNet.Identity.Owin | HIGH | 2.2.1 | dotnet: race condition in Core SignInManager PasswordSignInAsync method |
| CVE-2020-1045 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: ASP.NET cookie prefix spoofing vulnerability |
| CVE-2022-29117 | Microsoft.Owin | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2022-29117 | Microsoft.Owin.Security.Cookies | HIGH | 3.1.0 | dotnet: malicious content causes high CPU and memory usage |
| CVE-2024-21907 | Newtonsoft.Json | HIGH | 10.0.2 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
| CVE-2021-32840 | SharpZipLib | HIGH | 0.86.0 | Path Traversal in SharpZipLib |
| CVE-2018-1002208 | SharpZipLib | MEDIUM | 0.86.0 | SharpZipLib before 1.0 RC1 is vulnerable to directory traversal, allow ... |
| CVE-2018-8292 | System.Net.Http | HIGH | 4.3.3 | Core: information disclosure due to authentication information exposed in a redirect |
| CVE-2020-29454 | UmbracoCms | MEDIUM | 7.10.4 | Incorrect permission enforcement in UmbracoCms |
| CVE-2020-5811 | UmbracoCms | MEDIUM | 7.10.4 | Authenticated path traversal in Umbraco CMS |
| CVE-2020-9472 | UmbracoCms | MEDIUM | 7.10.4 | Unrestricted Upload of File with Dangerous Type in Umbraco CMS |
| CVE-2020-9471 | UmbracoCms.Core | HIGH | 7.10.4 | Umbraco CMS Authenticated File Upload |
| CVE-2020-5809 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to stored XSS |
| CVE-2020-7210 | UmbracoCms.Core | MEDIUM | 7.10.4 | Umbraco CMS vulnerable to CSRF |
| CVE-2016-10735 | bootstrap | MEDIUM | 3.0.0 | bootstrap: XSS in the data-target attribute |
| CVE-2018-14040 | bootstrap | MEDIUM | 3.0.0 | bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute |
| CVE-2018-14042 | bootstrap | MEDIUM | 3.0.0 | bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip |
| CVE-2018-20676 | bootstrap | MEDIUM | 3.0.0 | bootstrap: XSS in the tooltip data-viewport attribute |
| CVE-2018-20677 | bootstrap | MEDIUM | 3.0.0 | bootstrap: XSS in the affix configuration target property |
| CVE-2019-8331 | bootstrap | MEDIUM | 3.0.0 | bootstrap: XSS in the tooltip or popover data-template attribute |
| CVE-2015-9251 | jQuery | MEDIUM | 1.10.2 | jquery: Cross-site scripting via cross-domain ajax requests |
| CVE-2019-11358 | jQuery | MEDIUM | 1.10.2 | jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection |
| CVE-2020-11023 | jQuery | MEDIUM | 1.10.2 | jquery: Untrusted code execution via |
| CVE-2026-40021 | log4net | MEDIUM | 2.0.17 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/ ... |