HIGH
GHSA-655q-9gvg-q4cm
Remote code execution in ASP.NET Core
Details
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.AspNetCore.All
Introduced in:
2.1.0 Fixed in: 2.1.15 Fix
dotnet add package Microsoft.AspNetCore.All --version 2.1.15 NuGet / Microsoft.AspNetCore.App
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App --version 3.1.1 NuGet / Microsoft.AspNetCore.App
Introduced in:
3.0.0 Fixed in: 3.0.1 Fix
dotnet add package Microsoft.AspNetCore.App --version 3.0.1 NuGet / Microsoft.AspNetCore.App
Introduced in:
2.1.0 Fixed in: 2.1.15 Fix
dotnet add package Microsoft.AspNetCore.App --version 2.1.15 NuGet / Microsoft.AspNetCore.Http.Connections
Introduced in:
1.0.0 Fixed in: 1.0.15 Fix
dotnet add package Microsoft.AspNetCore.Http.Connections --version 1.0.15 NuGet / Microsoft.AspNetCore.App.Runtime.linux-arm
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.linux-arm --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.linux-arm64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.linux-arm64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.linux-musl-x64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.linux-musl-x64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.linux-x64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.linux-x64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.osx-x64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.osx-x64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.win-arm
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.win-arm --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.win-x64
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.win-x64 --version 3.1.1 NuGet / Microsoft.AspNetCore.App.Runtime.win-x86
Introduced in:
3.1.0 Fixed in: 3.1.1 Fix
dotnet add package Microsoft.AspNetCore.App.Runtime.win-x86 --version 3.1.1 References
- https://nvd.nist.gov/vuln/detail/CVE-2020-0603 [ADVISORY]
- https://github.com/aspnet/Announcements/issues/403 [WEB]
- https://github.com/github/advisory-database/issues/302 [WEB]
- https://access.redhat.com/errata/RHSA-2020:0130 [WEB]
- https://access.redhat.com/errata/RHSA-2020:0134 [WEB]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 [WEB]