Moderate severityNVD Advisory· Published Aug 12, 2021· Updated Aug 4, 2024

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-34485

Description

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
Microsoft.NETCore.AppNuGet	>= 2.1.0, < 2.1.29	2.1.29
Microsoft.NETCore.App.Runtime.linux-armNuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.osx-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.rhel.6-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-armNuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-arm64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-x64NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.win-x86NuGet	>= 3.1.0, < 3.1.18	3.1.18
Microsoft.NETCore.App.Runtime.linux-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.Mono.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.osx-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-armNuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-arm64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-x64NuGet	>= 5.0.0, < 5.0.9	5.0.9
Microsoft.NETCore.App.Runtime.win-x86NuGet	>= 5.0.0, < 5.0.9	5.0.9

Affected products

Microsoft/Netv5
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*
Range: 5.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-vgwq-hfqc-58wvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-34485ghsaADVISORY
github.com/dotnet/announcements/issues/196ghsaWEB
github.com/dotnet/runtime/security/advisories/GHSA-vgwq-hfqc-58wvghsaWEB
github.com/github/advisory-database/issues/741ghsaWEB
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34485ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000