CVE-2023-36558

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-36558
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36558.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-36558
Aliases
Downstream
Related
Published
2023-11-14T22:15:29.323Z
Modified
2026-03-11T15:17:42.969653Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

ASP.NET Core Security Feature Bypass Vulnerability

References

Affected packages

Git / github.com/dotnet/core

Affected ranges

Type
GIT
Repo
https://github.com/dotnet/core
Events
Introduced
ee849590a02cc5cd61eff18aa64bf985ec45124d
Fixed
d78b3180414d35d6c7d136db753474e2ae2b33df
Introduced
63772e2191a750dd3cafa75914cacdb038c7520c
Fixed
d78b3180414d35d6c7d136db753474e2ae2b33df
Introduced
ee849590a02cc5cd61eff18aa64bf985ec45124d
Fixed
d78b3180414d35d6c7d136db753474e2ae2b33df
Introduced
63772e2191a750dd3cafa75914cacdb038c7520c
Fixed
d78b3180414d35d6c7d136db753474e2ae2b33df
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d78b3180414d35d6c7d136db753474e2ae2b33df
Database specific 
{
    "versions": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.25"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.14"
        },
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.25"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.0-NA"
        }
    ]
}

Affected versions

v3.*
v3.1.21
v3.1.22
v3.1.23
v3.1.24
v3.1.25
v3.1.26
v3.1.27
v3.1.28
v3.1.29
v3.1.30
v3.1.31
v3.1.32
v5.*
v5.0.12
v5.0.13
v5.0.14
v5.0.15
v5.0.16
v5.0.17
v6.*
v6.0.0
v6.0.1
v6.0.10
v6.0.11
v6.0.12
v6.0.13
v6.0.14
v6.0.15
v6.0.16
v6.0.18
v6.0.19
v6.0.2
v6.0.20
v6.0.21
v6.0.22
v6.0.23
v6.0.24
v6.0.3
v6.0.4
v6.0.5
v6.0.6
v6.0.7
v6.0.8
v6.0.9
v7.*
v7.0.0
v7.0.0-preview.1
v7.0.0-preview.2
v7.0.0-preview.3
v7.0.0-preview.4
v7.0.0-preview.5
v7.0.0-preview.6
v7.0.0-preview.7
v7.0.0-rc.1
v7.0.0-rc.2
v7.0.1
v7.0.10
v7.0.11
v7.0.12
v7.0.13
v7.0.2
v7.0.3
v7.0.4
v7.0.5
v7.0.7
v7.0.8
v7.0.9
v8.*
v8.0.0-preview.1
v8.0.0-preview.2
v8.0.0-preview.3
v8.0.0-preview.4
v8.0.0-preview.5
v8.0.0-preview.6
v8.0.0-preview.7
v8.0.0-rc.1
v8.0.0-rc.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36558.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.0-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0.0-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.2"
            },
            {
                "fixed": "17.2.22"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.4"
            },
            {
                "fixed": "17.4.14"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.6"
            },
            {
                "fixed": "17.6.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.7"
            },
            {
                "fixed": "17.7.7"
            }
        ]
    }
]