aspnet/Announcements

aspnet/Announcements

Releases0

Stars1.66K

Subscribe to this repo to be notified about major changes in ASP.NET Core and Entity Framework Core

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-0787 ↗	Mar 14, 2018Wednesday, 14 March 2018, 17:29	—	6.8 MEDIUM
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
CVE-2017-0249 ↗	May 12, 2017Friday, 12 May 2017, 14:29	—	7.5 HIGH
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0256 ↗	May 12, 2017Friday, 12 May 2017, 14:29	—	5 MEDIUM
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0247 ↗	May 12, 2017Friday, 12 May 2017, 14:29	—	5 MEDIUM
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.