NuGet package
microsoft.aspnetcore.mvc.cors
pkg:nuget/microsoft.aspnetcore.mvc.cors
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-8700 | Hig | 7.5 | >= 1.0.0, < 1.0.6 | 1.0.6 | Nov 15, 2017 | ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". | |
| CVE-2017-0256 | Med | 5.3 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0249 | Hig | 7.3 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0248 | Hig | 7.5 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2017-0247 | Hig | 7.5 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc |
- affected >= 1.0.0, < 1.0.6fixed 1.0.6
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc