GHSA-3wcj-rg8q-9cqv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wcj-rg8q-9cqv/GHSA-3wcj-rg8q-9cqv.json
Aliases
  • CVE-2017-11879
Published
2022-05-14T03:47:22Z
Modified
2022-11-22T01:03:16.394987Z
Details

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

References

Affected packages

NuGet / Microsoft.AspNetCore.All

Microsoft.AspNetCore.All

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.3

Affected versions

2.*

2.0.0

NuGet / Microsoft.AspNetCore.Mvc.Core

Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.1

Affected versions

2.*

2.0.0