MEDIUM
GHSA-ch6p-4jcm-h8vh
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Details
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
Affected packages
NuGet / Microsoft.AspNetCore.Mvc
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Core
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Core --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Core
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Core --version 1.1.3

NuGet / System.Net.Http
Introduced in: 4.1.1
Fixed in: 4.1.2
Fix: dotnet add package System.Net.Http --version 4.1.2

NuGet / System.Net.Http
Introduced in: 4.3.1
Fixed in: 4.3.2
Fix: dotnet add package System.Net.Http --version 4.3.2

NuGet / System.Text.Encodings.Web
Introduced in: 4.0.0
Fixed in: 4.0.1
Fix: dotnet add package System.Text.Encodings.Web --version 4.0.1

NuGet / System.Text.Encodings.Web
Introduced in: 4.3.0
Fixed in: 4.3.1
Fix: dotnet add package System.Text.Encodings.Web --version 4.3.1

NuGet / System.Net.Http.WinHttpHandler
Introduced in: 4.0.0
Fixed in: 4.0.1
Fix: dotnet add package System.Net.Http.WinHttpHandler --version 4.0.1

NuGet / System.Net.Http.WinHttpHandler
Introduced in: 4.3.0
Fixed in: 4.3.1
Fix: dotnet add package System.Net.Http.WinHttpHandler --version 4.3.1

NuGet / System.Net.Security
Introduced in: 4.0.0
Fixed in: 4.0.1
Fix: dotnet add package System.Net.Security --version 4.0.1

NuGet / System.Net.Security
Introduced in: 4.3.0
Fixed in: 4.3.1
Fix: dotnet add package System.Net.Security --version 4.3.1

NuGet / System.Net.WebSockets.Client
Introduced in: 4.0.0
Fixed in: 4.0.1
Fix: dotnet add package System.Net.WebSockets.Client --version 4.0.1

NuGet / System.Net.WebSockets.Client
Introduced in: 4.3.0
Fixed in: 4.3.1
Fix: dotnet add package System.Net.WebSockets.Client --version 4.3.1

NuGet / Microsoft.AspNetCore.Mvc.Abstractions
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Abstractions --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Abstractions
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Abstractions --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.ApiExplorer --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.ApiExplorer --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Cors
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Cors --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Cors
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Cors --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.DataAnnotations --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.DataAnnotations --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Json --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Json --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Xml --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Xml --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Localization
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Localization --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Localization
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Localization --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Razor.Host
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Razor.Host --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Razor.Host
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Razor.Host --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.Razor
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Razor --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.Razor
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.Razor --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.TagHelpers
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.TagHelpers --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.TagHelpers
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.TagHelpers --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.ViewFeatures --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.ViewFeatures --version 1.1.3

NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim
Introduced in: 1.0.0
Fixed in: 1.0.4
Fix: dotnet add package Microsoft.AspNetCore.Mvc.WebApiCompatShim --version 1.0.4

NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim
Introduced in: 1.1.0
Fixed in: 1.1.3
Fix: dotnet add package Microsoft.AspNetCore.Mvc.WebApiCompatShim --version 1.1.3