VYPR

NuGet package

microsoft.aspnetcore.http

pkg:nuget/microsoft.aspnetcore.http

Vulnerabilities (1)

  • CVE-2020-1045Sep 11, 2020
    affected < 2.1.22fixed 2.1.22

    A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.<