GHSA-ch6p-4jcm-h8vh

Source

https://github.com/advisories/GHSA-ch6p-4jcm-h8vh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ch6p-4jcm-h8vh

Aliases

CVE-2017-0248

Published

2018-10-16T19:58:52Z

Modified

2024-12-05T05:37:59.757189Z

Summary

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core

Details

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

Database specific

{
    "cwe_ids": [
        "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:44Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}

References

Affected packages

NuGet

Microsoft.AspNetCore.Mvc

Package

Name: Microsoft.AspNetCore.Mvc; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc

Package

Name: Microsoft.AspNetCore.Mvc; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Http

Package

Name: System.Net.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.1

Fixed

4.1.2

Affected versions

4.*

4.1.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Http

Package

Name: System.Net.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.1

Fixed

4.3.2

Affected versions

4.*

4.3.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Text.Encodings.Web

Package

Name: System.Text.Encodings.Web; View open source insights on deps.dev
Purl: pkg:nuget/System.Text.Encodings.Web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Text.Encodings.Web

Package

Name: System.Text.Encodings.Web; View open source insights on deps.dev
Purl: pkg:nuget/System.Text.Encodings.Web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Http.WinHttpHandler

Package

Name: System.Net.Http.WinHttpHandler; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http.WinHttpHandler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Http.WinHttpHandler

Package

Name: System.Net.Http.WinHttpHandler; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http.WinHttpHandler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Security

Package

Name: System.Net.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.Security

Package

Name: System.Net.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.WebSockets.Client

Package

Name: System.Net.WebSockets.Client; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.WebSockets.Client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

System.Net.WebSockets.Client

Package

Name: System.Net.WebSockets.Client; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.WebSockets.Client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Abstractions

Package

Name: Microsoft.AspNetCore.Mvc.Abstractions; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Abstractions

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Abstractions

Package

Name: Microsoft.AspNetCore.Mvc.Abstractions; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Abstractions

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.ApiExplorer

Package

Name: Microsoft.AspNetCore.Mvc.ApiExplorer; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ApiExplorer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.ApiExplorer

Package

Name: Microsoft.AspNetCore.Mvc.ApiExplorer; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ApiExplorer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Cors

Package

Name: Microsoft.AspNetCore.Mvc.Cors; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Cors

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Cors

Package

Name: Microsoft.AspNetCore.Mvc.Cors; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Cors

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.DataAnnotations

Package

Name: Microsoft.AspNetCore.Mvc.DataAnnotations; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.DataAnnotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.DataAnnotations

Package

Name: Microsoft.AspNetCore.Mvc.DataAnnotations; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.DataAnnotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Formatters.Json

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Json; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Json

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Formatters.Json

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Json; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Json

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Formatters.Xml

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Xml; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Formatters.Xml

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Xml; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Localization

Package

Name: Microsoft.AspNetCore.Mvc.Localization; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Localization

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Localization

Package

Name: Microsoft.AspNetCore.Mvc.Localization; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Localization

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Razor.Host

Package

Name: Microsoft.AspNetCore.Mvc.Razor.Host; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor.Host

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Razor.Host

Package

Name: Microsoft.AspNetCore.Mvc.Razor.Host; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor.Host

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Razor

Package

Name: Microsoft.AspNetCore.Mvc.Razor; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.Razor

Package

Name: Microsoft.AspNetCore.Mvc.Razor; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.TagHelpers

Package

Name: Microsoft.AspNetCore.Mvc.TagHelpers; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.TagHelpers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.TagHelpers

Package

Name: Microsoft.AspNetCore.Mvc.TagHelpers; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.TagHelpers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.ViewFeatures

Package

Name: Microsoft.AspNetCore.Mvc.ViewFeatures; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ViewFeatures

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.ViewFeatures

Package

Name: Microsoft.AspNetCore.Mvc.ViewFeatures; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ViewFeatures

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.WebApiCompatShim

Package

Name: Microsoft.AspNetCore.Mvc.WebApiCompatShim; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"

Microsoft.AspNetCore.Mvc.WebApiCompatShim

Package

Name: Microsoft.AspNetCore.Mvc.WebApiCompatShim; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json"