MEDIUM 5.9
GHSA-x5qj-9vmx-7g6g
Improper Input Validation in .Net Framework API's
Details
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.NETCore.App
Introduced in:
2.2.0 Fixed in: 2.2.2 Fix
dotnet add package Microsoft.NETCore.App --version 2.2.2 NuGet / Microsoft.NETCore.App
Introduced in:
2.1.0 Fixed in: 2.1.8 Fix
dotnet add package Microsoft.NETCore.App --version 2.1.8 NuGet / System.Private.Uri
Introduced in:
4.3.0 Fixed in: 4.3.2 Fix
dotnet add package System.Private.Uri --version 4.3.2 References
- https://nvd.nist.gov/vuln/detail/CVE-2019-0657 [ADVISORY]
- https://github.com/dotnet/announcements/issues/97 [WEB]
- https://github.com/github/advisory-database/issues/302 [WEB]
- https://access.redhat.com/errata/RHSA-2019:0349 [WEB]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 [WEB]
- http://www.securityfocus.com/bid/106890 [WEB]