HIGH 7.8
GHSA-g5vf-38cp-4px9
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
Details
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Affected packages
NuGet / Microsoft.NETCore.App
Introduced in: 2.1.0
Fixed in: 2.1.20
Fix: dotnet add package Microsoft.NETCore.App --version 2.1.20

NuGet / Microsoft.NETCore.App.Runtime.linux-arm
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.linux-arm --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.linux-arm64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.linux-arm64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.linux-musl-arm64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.linux-musl-arm64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.linux-musl-x64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.linux-musl-x64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.linux-x64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.linux-x64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.osx-x64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.osx-x64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.rhel.6-x64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.rhel.6-x64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.win-arm
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.win-arm --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.win-arm64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.win-arm64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.win-x64
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.win-x64 --version 3.1.6

NuGet / Microsoft.NETCore.App.Runtime.win-x86
Introduced in: 3.1.0
Fixed in: 3.1.6
Fix: dotnet add package Microsoft.NETCore.App.Runtime.win-x86 --version 3.1.6

References
- https://nvd.nist.gov/vuln/detail/CVE-2020-1147 [ADVISORY]
- https://github.com/dotnet/announcements/issues/159 [WEB]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 [WEB]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1147 [WEB]
- https://www.exploitalert.com/view-details.html?id=35992 [WEB]
- http://packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html [WEB]
- http://packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html [WEB]
- http://packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html [WEB]