Moderate severityNVD Advisory· Published Jul 15, 2019· Updated Aug 4, 2024
CVE-2019-1075
CVE-2019-1075
Description
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.AppNuGet | >= 2.2.0, < 2.2.6 | 2.2.6 |
Microsoft.AspNetCore.AppNuGet | >= 2.1.0, < 2.1.12 | 2.1.12 |
Microsoft.AspNetCore.AllNuGet | >= 2.2.0, < 2.2.6 | 2.2.6 |
Microsoft.AspNetCore.AllNuGet | >= 2.1.0, < 2.1.12 | 2.1.12 |
Microsoft.AspNetCore.Server.IISNuGet | >= 2.2.0, < 2.2.6 | 2.2.6 |
Microsoft.AspNetCore.Server.HttpSysNuGet | >= 2.2.0, < 2.2.6 | 2.2.6 |
Microsoft.AspNetCore.Server.HttpSysNuGet | >= 2.1.0, < 2.1.12 | 2.1.12 |
Affected products
5- ghsa-coords4 versionspkg:nuget/microsoft.aspnetcore.allpkg:nuget/microsoft.aspnetcore.apppkg:nuget/microsoft.aspnetcore.server.httpsyspkg:nuget/microsoft.aspnetcore.server.iis
>= 2.2.0, < 2.2.6+ 3 more
- (no CPE)range: >= 2.2.0, < 2.2.6
- (no CPE)range: >= 2.2.0, < 2.2.6
- (no CPE)range: >= 2.2.0, < 2.2.6
- (no CPE)range: >= 2.2.0, < 2.2.6
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-prrf-397v-83xhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1075ghsaADVISORY
- github.com/aspnet/Announcements/issues/373ghsaWEB
- github.com/github/advisory-database/issues/302ghsaWEB
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.