GHSA-w4x6-hh3x-wjrx

Source
https://github.com/advisories/GHSA-w4x6-hh3x-wjrx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-w4x6-hh3x-wjrx/GHSA-w4x6-hh3x-wjrx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w4x6-hh3x-wjrx
Published
2023-12-11T21:47:14Z
Modified
2024-11-28T05:30:32.662097Z
Summary
Stale copy of the public suffix list
Details

We have identified that this project contains an out-of-date version of the Public Suffix List (https://publicsuffix.org/). We are carrying out research to identify the potential impacts of using old versions of the Public Suffix List, and we intend to publish our results in academic conferences and journals. Our results will become publicly available after 21 days; this provides time to update your project with an up-to-date version of the Public Suffix List.

GitHub repository: gsemac/Gsemac.Common
Public Suffix List path: src/Gsemac.Net/Resources/publicsuffixlist.dat

The Public Suffix List is regularly updated (generally a few times per week), and to ensure that the correct privacy boundaries are maintained between websites, applications that use it should routinely fetch an updated copy. If new suffixes are added to the list, and an old list is then used, privacy boundaries will not be constructed correctly, allowing for data (e.g., cookies) to be set incorrectly, potentially harming privacy.

There is further guidance on how the Public Suffix List should be used in ICANN’s “Advisory on the Use of Static TLD / Suffix Lists” at https://www.icann.org/en/system/files/files/sac-070-en.pdf.

If you have any questions about our research, or about usage of the Public Suffix List, please reply via e-mail to sm@smcquistin.uk.
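The privacy-boundary effect described above, as an added example (not part of the advisory and not Gsemac.Net code): a small Public Suffix List matcher run against a stale and an updated rule set. The rules and host names are constructed under the reserved `.example` TLD, and the cookie check is a simplified version of the Domain-attribute test.

```python
# Added example. Rules are constructed samples, not real Public Suffix List entries.
STALE_RULES = {"example", "*.ck.example", "!www.ck.example"}
FRESH_RULES = STALE_RULES | {"hosting.example"}  # suffix added after the stale copy


def public_suffix(host, rules):
    """Return the public suffix of host per the PSL matching algorithm."""
    labels = host.lower().rstrip(".").split(".")
    best = 1  # implicit default rule "*": the last label is a public suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        if "!" + ".".join(candidate) in rules:
            # Exception rules take priority; the suffix drops the leftmost label.
            return ".".join(candidate[1:])
        wildcard = ".".join(["*"] + candidate[1:])
        if ".".join(candidate) in rules or wildcard in rules:
            best = max(best, len(candidate))  # longest matching rule prevails
    return ".".join(labels[-best:])


def registrable_domain(host, rules):
    """Public suffix plus one label, or None if host is itself a public suffix."""
    labels = host.lower().rstrip(".").split(".")
    k = len(public_suffix(host, rules).split("."))
    return None if len(labels) <= k else ".".join(labels[-(k + 1):])


def cookie_domain_allowed(request_host, cookie_domain, rules):
    """Simplified check: refuse a Domain attribute that is a public suffix
    or that does not cover the requesting host."""
    d = cookie_domain.lower().lstrip(".")
    h = request_host.lower().rstrip(".")
    if public_suffix(d, rules) == d:
        return False
    return h == d or h.endswith("." + d)


if __name__ == "__main__":
    for name, rules in (("stale", STALE_RULES), ("fresh", FRESH_RULES)):
        print(name,
              registrable_domain("alice.hosting.example", rules),
              cookie_domain_allowed("alice.hosting.example", "hosting.example", rules))
```

With the stale rules, the two tenants `alice.hosting.example` and `bob.hosting.example` fall under one registrable domain and a cookie scoped to `hosting.example` is accepted; with the updated rules each tenant is its own registrable domain and that cookie is refused.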

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-11T21:47:14Z"
}
References

Affected packages

NuGet / Gsemac.Net

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.38.2

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.2.0
0.2.1
0.2.2
0.3.0
0.4.0
0.5.0
0.6.0
0.7.0
0.7.1
0.7.2
0.8.0
0.8.1
0.8.2
0.9.0
0.11.0
0.12.0
0.12.1
0.13.0
0.13.1
0.13.2
0.14.0
0.14.1
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.16.0
0.16.1
0.16.2
0.16.3
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.17.8
0.17.9
0.18.0
0.19.0
0.20.0
0.21.0
0.22.0
0.23.0
0.23.1
0.23.2
0.24.0
0.24.1
0.25.0
0.25.1
0.26.0
0.27.0
0.28.0
0.28.1
0.29.0
0.30.0
0.31.0
0.31.1
0.31.2
0.32.0
0.33.0
0.33.1
0.33.2
0.34.0
0.34.1
0.35.0
0.35.1
0.35.2
0.36.0
0.36.1
0.37.0
0.38.0
0.38.1