HIGH 7.5
GHSA-8884-xcr4-r68p
Improper Input Validation in Microsoft.NETCore.App
Details
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.NETCore.App
Introduced in:
1.0.0 Fixed in: 1.0.7 Fix
dotnet add package Microsoft.NETCore.App --version 1.0.7 NuGet / Microsoft.NETCore.App
Introduced in:
1.1.0 Fixed in: 1.1.4 Fix
dotnet add package Microsoft.NETCore.App --version 1.1.4 References
- https://nvd.nist.gov/vuln/detail/CVE-2017-8585 [ADVISORY]
- https://github.com/dotnet/corefx/issues/24703 [WEB]
- https://access.redhat.com/errata/RHSA-2017:3248 [WEB]
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585 [WEB]
- http://www.securityfocus.com/bid/99432 [WEB]
- http://www.securitytracker.com/id/1038864 [WEB]