NuGet package
microsoft.aspnetcore.mvc.taghelpers
pkg:nuget/microsoft.aspnetcore.mvc.taghelpers
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-0256 | Med | 5.3 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0249 | Hig | 7.3 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0248 | Hig | 7.5 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2017-0247 | Hig | 7.5 | >= 1.0.0, < 1.0.4 | 1.0.4 | May 12, 2017 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc |
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
- affected >= 1.0.0, < 1.0.4fixed 1.0.4
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc