High severity7.5NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026
CVE-2017-8700
CVE-2017-8700
Description
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.Mvc.CoreNuGet | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.AspNetCore.Mvc.CoreNuGet | >= 1.1.0, < 1.1.6 | 1.1.6 |
Microsoft.AspNetCore.Mvc.CorsNuGet | >= 1.0.0, < 1.0.6 | 1.0.6 |
Microsoft.AspNetCore.Mvc.CorsNuGet | >= 1.1.0, < 1.1.6 | 1.1.6 |
Affected products
4cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:asp.net_core:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:asp.net_core:2.0:*:*:*:*:*:*:*
- Microsoft Corporation/ASP.NET Corev5Range: ASP.NET Core 1.0, 1.1, and 2.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700nvdIssue TrackingPatchVendor AdvisoryWEB
- www.securityfocus.com/bid/101712nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039793nvdIssue TrackingThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-3rp6-rjw4-cq39ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-8700ghsaADVISORY
- github.com/aspnet/Announcements/issues/279ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
News mentions
0No linked articles in our index yet.