Fatal编程技术网
  • .net-core/
  • .net core CVE-2017-0249特权问题的提升

.net core CVE-2017-0249特权问题的提升

.net-core asp.net-core-mvc

.net core CVE-2017-0249特权问题的提升,.net-core,asp.net-core-mvc,.net Core,Asp.net Core Mvc,我们使用VS2015在asp.net core 1.1版本上开发了我们的应用程序 We are facing Elevation of Privilege issue for `System.Net.Security` 4.3.0 in my application while deploying build using Jenkins. So I have created a direct dependency for `System.Net.Security` by changing its

我们使用VS2015在asp.net core 1.1版本上开发了我们的应用程序

We are facing Elevation of Privilege issue for `System.Net.Security` 4.3.0 in my application while deploying build using Jenkins. So I have created a direct dependency for `System.Net.Security` by changing its version to 4.3.1 from 4.3.0 in `project.json` file as below,

But I am still facing Elevation of Privilege issue with new warning messages for runtime/win/unix
 paths of System.Net.Security.

What I see is in project.lock.json is that version 4.3.1 is not getting reflected after adding direct dependency in project.json as seen below,
我希望project.lock.json文件自动更新为4.3.1版本,但这并没有发生

Please let me know if I need to make any additional changes apart of adding direct dependency.
Project.json project.lock.json 我应该能够修复这个构建问题,并且应该能够使用jenkins部署构建

 "netcoreapp1.1": {
     "dependencies": {
     "Microsoft.NETCore.App": {
     "type": "platform",
     "version": "1.1.0"
     },
     "System.Net.Security": "4.3.1"
     }
     }

 "System.Net.Security/4.3.1": {
     "type": "package",
     "dependencies": {
     "Microsoft.NETCore.Platforms": "1.1.0",
     "Microsoft.Win32.Primitives": "4.3.0",
     "System.Collections": "4.3.0",
     "System.Collections.Concurrent": "4.3.0",
     "System.Diagnostics.Tracing": "4.3.0",
     "System.Globalization": "4.3.0",
     "System.Globalization.Extensions": "4.3.0",
     "System.IO": "4.3.0",
     "System.Net.Primitives": "4.3.0",
     "System.Resources.ResourceManager": "4.3.0",
     "System.Runtime": "4.3.0",
     "System.Runtime.Extensions": "4.3.0",
     "System.Runtime.Handles": "4.3.0",
     "System.Runtime.InteropServices": "4.3.0",
     "System.Security.Claims": "4.3.0",
     "System.Security.Cryptography.Algorithms": "4.3.0",
     "System.Security.Cryptography.Encoding": "4.3.0",
     "System.Security.Cryptography.OpenSsl": "4.3.0",
     "System.Security.Cryptography.Primitives": "4.3.0",
     "System.Security.Cryptography.X509Certificates": "4.3.0",
     "System.Security.Principal": "4.3.0",
     "System.Text.Encoding": "4.3.0",
     "System.Threading": "4.3.0",
     "System.Threading.Tasks": "4.3.0",
     "System.Threading.ThreadPool": "4.3.0",
     "runtime.native.System": "4.3.0",
     "runtime.native.System.Net.Security": "4.3.0",
     "runtime.native.System.Security.Cryptography.OpenSsl": "4.3.0"
     },
     "compile": {
     "ref/netstandard1.3/System.Net.Security.dll": {}
     },
     "runtimeTargets": {
     "runtimes/unix/lib/netstandard1.6/System.Net.Security.dll": {
     "assetType": "runtime",
     "rid": "unix"
     },
     "runtimes/win/lib/netstandard1.3/System.Net.Security.dll": {
     "assetType": "runtime",
     "rid": "win"
     }
     }
     }