Launch Week Day 1: Announcing Security Design Review

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc

GHSA-j8f4-2w4p-mhjc · CVE-2017-0256

Published Oct 16, 2018 · Modified Nov 8, 2023

Description

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

References

5.3 / 10

MEDIUM CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Packages

NuGet/Microsoft.AspNetCore.Mvc

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Abstractions

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.ApiExplorer

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Core

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Cors

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.DataAnnotations

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Formatters.Json

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Formatters.Xml

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Localization

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Razor

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.Razor.Host

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.TagHelpers

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.ViewFeatures

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Fix 1.0.4, 1.1.3

Introduced 1.0.0, 1.1.0

7 affected versions

1.0.01.0.11.0.21.0.31.1.01.1.11.1.2

NuGet/System.Net.Http

Fix 4.1.2, 4.3.2

Introduced 4.1.1, 4.3.1

2 affected versions

4.1.14.3.1

NuGet/System.Net.Http.WinHttpHandler

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Net.Security

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Net.WebSockets.Client

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

NuGet/System.Text.Encodings.Web

Fix 4.0.1, 4.3.1

Introduced 4.0.0, 4.3.0

2 affected versions

4.0.04.3.0

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes