Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core

GHSA-ch6p-4jcm-h8vh · CVE-2017-0248

Published Oct 16, 2018 · Modified Dec 5, 2024

Description

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

References

Affected Packages

NuGet/Microsoft.AspNetCore.Mvc

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Abstractions

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.ApiExplorer

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Core

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Cors

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.DataAnnotations

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Formatters.Json

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Formatters.Xml

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Localization

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Razor

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Razor.Host

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.TagHelpers

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.ViewFeatures

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/System.Net.Http

Fix 4.1.2, 4.3.2

Introduced 4.1.1, 4.3.1

2 affected versions

4.1.14.3.1

NuGet/System.Net.Http.WinHttpHandler

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Net.Security

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Net.WebSockets.Client

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Text.Encodings.Web

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes