HIGH 7.5

GHSA-8884-xcr4-r68p

Improper Input Validation in Microsoft.NETCore.App

상세

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

NuGet / Microsoft.NETCore.App

최초 영향 버전: 1.0.0 수정 버전: 1.0.7

수정 dotnet add package Microsoft.NETCore.App --version 1.0.7

NuGet / Microsoft.NETCore.App

최초 영향 버전: 1.1.0 수정 버전: 1.1.4

수정 dotnet add package Microsoft.NETCore.App --version 1.1.4

참고

https://nvd.nist.gov/vuln/detail/CVE-2017-8585 [ADVISORY]
https://github.com/dotnet/corefx/issues/24703 [WEB]
https://access.redhat.com/errata/RHSA-2017:3248 [WEB]
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585 [WEB]
http://www.securityfocus.com/bid/99432 [WEB]
http://www.securitytracker.com/id/1038864 [WEB]