HIGH 7.3
GHSA-qhqf-ghgh-x2m4
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
Details
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.AspNetCore.Mvc
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Core
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Core --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Core
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Core --version 1.1.3 NuGet / System.Net.Http
Introduced in:
4.1.1 Fixed in: 4.1.2 Fix
dotnet add package System.Net.Http --version 4.1.2 NuGet / System.Net.Http
Introduced in:
4.3.1 Fixed in: 4.3.2 Fix
dotnet add package System.Net.Http --version 4.3.2 NuGet / System.Text.Encodings.Web
Introduced in:
4.0.0 Fixed in: 4.0.1 Fix
dotnet add package System.Text.Encodings.Web --version 4.0.1 NuGet / System.Text.Encodings.Web
Introduced in:
4.3.0 Fixed in: 4.3.1 Fix
dotnet add package System.Text.Encodings.Web --version 4.3.1 NuGet / System.Net.Http.WinHttpHandler
Introduced in:
4.0.0 Fixed in: 4.0.1 Fix
dotnet add package System.Net.Http.WinHttpHandler --version 4.0.1 NuGet / System.Net.Http.WinHttpHandler
Introduced in:
4.3.0 Fixed in: 4.3.1 Fix
dotnet add package System.Net.Http.WinHttpHandler --version 4.3.1 NuGet / System.Net.Security
Introduced in:
4.0.0 Fixed in: 4.0.1 Fix
dotnet add package System.Net.Security --version 4.0.1 NuGet / System.Net.Security
Introduced in:
4.3.0 Fixed in: 4.3.1 Fix
dotnet add package System.Net.Security --version 4.3.1 NuGet / System.Net.WebSockets.Client
Introduced in:
4.0.0 Fixed in: 4.0.1 Fix
dotnet add package System.Net.WebSockets.Client --version 4.0.1 NuGet / System.Net.WebSockets.Client
Introduced in:
4.3.0 Fixed in: 4.3.1 Fix
dotnet add package System.Net.WebSockets.Client --version 4.3.1 NuGet / Microsoft.AspNetCore.Mvc.Abstractions
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Abstractions --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Abstractions
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Abstractions --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.ApiExplorer --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.ApiExplorer --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Cors
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Cors --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Cors
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Cors --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.DataAnnotations --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.DataAnnotations --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Json --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Json --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Xml --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Formatters.Xml --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Localization
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Localization --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Localization
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Localization --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Razor.Host
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Razor.Host --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Razor.Host
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Razor.Host --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.Razor
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Razor --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.Razor
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.Razor --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.TagHelpers
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.TagHelpers --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.TagHelpers
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.TagHelpers --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.ViewFeatures --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.ViewFeatures --version 1.1.3 NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim
Introduced in:
1.0.0 Fixed in: 1.0.4 Fix
dotnet add package Microsoft.AspNetCore.Mvc.WebApiCompatShim --version 1.0.4 NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim
Introduced in:
1.1.0 Fixed in: 1.1.3 Fix
dotnet add package Microsoft.AspNetCore.Mvc.WebApiCompatShim --version 1.1.3 NuGet / DisCatSharp
Introduced in:
0 No fixed version published yet for DisCatSharp (nuget). Pin to a known-safe version or switch to an alternative.