NuGet package
system.net.http
pkg:nuget/system.net.http
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-8292 | — | < 4.3.4 | 4.3.4 | Oct 10, 2018 | An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. | ||
| CVE-2017-0256 | Med | 5.3 | >= 4.1.1, < 4.1.2 | 4.1.2 | May 12, 2017 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0249 | Hig | 7.3 | >= 4.1.1, < 4.1.2 | 4.1.2 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0248 | Hig | 7.5 | >= 4.1.1, < 4.1.2 | 4.1.2 | May 12, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2017-0247 | Hig | 7.5 | >= 4.1.1, < 4.1.2 | 4.1.2 | May 12, 2017 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc |
- CVE-2018-8292Oct 10, 2018affected < 4.3.4fixed 4.3.4
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
- affected >= 4.1.1, < 4.1.2fixed 4.1.2
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 4.1.1, < 4.1.2fixed 4.1.2
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 4.1.1, < 4.1.2fixed 4.1.2
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
- affected >= 4.1.1, < 4.1.2fixed 4.1.2
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc