Adds CVE-2019-1302

* Announcement: aspnet/Announcements#384 * Discussion: dotnet/aspnetcore#13859
RetireNet · Oct 18, 2019 · 6539255 · 6539255
1 parent bd10dbd
commit 6539255
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 16 deletions.
diff --git a/Content/17.json b/Content/17.json
@@ -0,0 +1,21 @@
+{
+  "link": "https://github.com/aspnet/Announcements/issues/384",
+  "description": "Microsoft Security Advisory CVE-2019-1302: ASP.NET Core Elevation Of Privilege Vulnerability",
+  "packages": [
+    {
+      "id": "Microsoft.AspNetCore.SpaServices",
+      "affected": "2.1.0",
+      "fix": "2.1.2"
+    },
+    {
+      "id": "Microsoft.AspNetCore.SpaServices",
+      "affected": "2.1.1",
+      "fix": "2.1.2"
+    },
+    {
+      "id": "Microsoft.AspNetCore.SpaServices",
+      "affected": "2.2.0",
+      "fix": "2.2.1"
+    }
+  ]
+}
diff --git a/ContentTool/HardCodedFiles.cs b/ContentTool/HardCodedFiles.cs
@@ -10,25 +10,15 @@ public static JsonFile GetOctober2019()
         {
             var jsonFile = new JsonFile
             {
-                Link = "https://github.com/aspnet/Announcements/issues/385",
-                Description = "Microsoft Security Advisory CVE-2018-8269: Denial of Service Vulnerability in OData"
+                Link = "https://github.com/aspnet/Announcements/issues/384",
+                Description = "Microsoft Security Advisory CVE-2019-1302: ASP.NET Core Elevation Of Privilege Vulnerability"
             };
 
 
-            var r1 = new Recommendation("Microsoft.AspNetCore.All")
-                .InsteadOf("2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.1.5", "2.1.6", "2.1.7", "2.1.8", "2.1.9", "2.1.10", "2.1.11", "2.1.12").Prefer("2.1.13")
-                .InsteadOf("2.2.0", "2.2.1", "2.2.2", "2.2.3", "2.2.4", "2.2.5", "2.2.6").Prefer("2.2.7");
-            jsonFile.Packages.AddRange(r1.Packages);
-
-            var r2 = new Recommendation("Microsoft.AspNetCore.DataProtection.AzureStorage")
-                .InsteadOf("2.1.1").Prefer("2.1.2")
+            var r1 = new Recommendation("Microsoft.AspNetCore.SpaServices")
+                .InsteadOf("2.1.0", "2.1.1").Prefer("2.1.2")
                 .InsteadOf("2.2.0").Prefer("2.2.1");
-
-            var r3 = new Recommendation("Microsoft.Data.OData")
-                .InsteadOf("5.0.1", "5.0.2", "5.1.0", "5.2.0", "5.3.0", "5.4.0", "5.5.0", "5.6.0", "5.6.1", "5.6.2", "5.6.3", "5.6.4", "5.7.0").Prefer("5.8.4");
-
-            jsonFile.Packages.AddRange(r2.Packages);
-            jsonFile.Packages.AddRange(r3.Packages);
+            jsonFile.Packages.AddRange(r1.Packages);
             return jsonFile;
         }
 

diff --git a/index.json b/index.json
@@ -15,6 +15,7 @@
 		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/13.json",
 		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/14.json",
 		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/15.json",
-		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/16.json"
+		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/16.json",
+		"https://raw.githubusercontent.com/RetireNet/Packages/master/Content/17.json"
 	]
 }