NuGet package
system.text.encodings.web
pkg:nuget/system.text.encodings.web
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-26701 | — | >= 4.0.0, < 4.5.1 | 4.5.1 | Feb 25, 2021 | .NET Core Remote Code Execution Vulnerability | ||
| CVE-2017-0256 | Med | 5.3 | >= 4.0.0, < 4.0.1 | 4.0.1 | May 12, 2017 | A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0249 | Hig | 7.3 | >= 4.0.0, < 4.0.1 | 4.0.1 | May 12, 2017 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | |
| CVE-2017-0248 | Hig | 7.5 | >= 4.0.0, < 4.0.1 | 4.0.1 | May 12, 2017 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |
| CVE-2017-0247 | Hig | 7.5 | >= 4.0.0, < 4.0.1 | 4.0.1 | May 12, 2017 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc |
- CVE-2021-26701Feb 25, 2021affected >= 4.0.0, < 4.5.1fixed 4.5.1
.NET Core Remote Code Execution Vulnerability
- affected >= 4.0.0, < 4.0.1fixed 4.0.1
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 4.0.0, < 4.0.1fixed 4.0.1
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
- affected >= 4.0.0, < 4.0.1fixed 4.0.1
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
- affected >= 4.0.0, < 4.0.1fixed 4.0.1
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc