HIGH 8.8

GHSA-3wcj-rg8q-9cqv

Open redirect in ASP.NET Core

상세

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

NuGet / Microsoft.AspNetCore.All

최초 영향 버전: 2.0.0 수정 버전: 2.0.3

수정 dotnet add package Microsoft.AspNetCore.All --version 2.0.3

NuGet / Microsoft.AspNetCore.Mvc.Core

최초 영향 버전: 2.0.0 수정 버전: 2.0.1

수정 dotnet add package Microsoft.AspNetCore.Mvc.Core --version 2.0.1

참고

https://nvd.nist.gov/vuln/detail/CVE-2017-11879 [ADVISORY]
https://github.com/aspnet/Announcements/issues/277 [WEB]
https://github.com/github/advisory-database/issues/302 [WEB]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879 [WEB]