GHSA-365p-96qv-xr7g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-365p-96qv-xr7g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-365p-96qv-xr7g/GHSA-365p-96qv-xr7g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-365p-96qv-xr7g
- Aliases
- Published
- 2018-10-16T19:56:59Z
- Modified
- 2023-11-08T03:59:31.092789Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ASP.NET Core allow an elevation of privilege
- Details
-
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T20:54:14Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-640" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-0787
- https://github.com/aspnet/Announcements/issues/295
- https://github.com/advisories/GHSA-365p-96qv-xr7g
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
- http://www.securityfocus.com/bid/103282
- http://www.securitytracker.com/id/1040525
Affected packages
NuGet / Microsoft.AspNetCore.HttpOverrides
Package
- Name
- Microsoft.AspNetCore.HttpOverrides
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.AspNetCore.HttpOverrides
NuGet / Microsoft.AspNetCore.Server.Kestrel.Core
Package
- Name
- Microsoft.AspNetCore.Server.Kestrel.Core
- View open source insights on deps.dev
- Purl
- pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core