vulnerability-testing/TestProject.csproj at a4b2a610f43e8564e0268814ba5c2858e66c94a2 · ankitha39/vulnerability-testing · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <!-- INTENTIONALLY VULNERABLE PACKAGES FOR TESTING -->

    <!-- 1. Newtonsoft.Json - OLD VERSION with CVE -->
    <PackageReference Include="Newtonsoft.Json" Version="12.0.0" />
    <!-- CVE-2024-43485: High severity -->

    <!-- 2. System.Text.Json - OLD VERSION with CVE -->
    <PackageReference Include="System.Text.Json" Version="6.0.0" />
    <!-- CVE-2024-43485: Moderate severity -->

    <!-- 3. Microsoft.Data.SqlClient - OLD VERSION with CVE -->
    <PackageReference Include="Microsoft.Data.SqlClient" Version="7.0.0" />
    <!-- CVE-2024-0056: High severity -->

    <!-- 4. System.Net.Http - OLD VERSION with CVE -->
    <PackageReference Include="System.Net.Http" Version="4.3.0" />
    <!-- CVE-2018-8292: High severity -->

    <!-- 5. Microsoft.AspNetCore.Mvc - OLD VERSION -->
    <PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.0.0" />
    <!-- Multiple CVEs -->

  </ItemGroup>

</Project>