GHSA-3wcj-rg8q-9cqv

Source

https://github.com/advisories/GHSA-3wcj-rg8q-9cqv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wcj-rg8q-9cqv/GHSA-3wcj-rg8q-9cqv.json

Aliases

CVE-2017-11879

Published

2022-05-14T03:47:22Z

Modified

2023-11-08T03:58:50.693495Z

Details

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

References

https://nvd.nist.gov/vuln/detail/CVE-2017-11879
https://github.com/aspnet/Announcements/issues/277
https://github.com/github/advisory-database/issues/302
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879

Affected packages

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.3

Affected versions

2.*

2.0.0

NuGet / Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.1

Affected versions

2.*

2.0.0