NuGet package
microsoft.aspnetcore.http
pkg:nuget/microsoft.aspnetcore.http
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-1045 | — | < 2.1.22 | 2.1.22 | Sep 11, 2020 | A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.< |
- CVE-2020-1045Sep 11, 2020affected < 2.1.22fixed 2.1.22
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.<