GHSA-3wcj-rg8q-9cqv

Source

https://github.com/advisories/GHSA-3wcj-rg8q-9cqv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3wcj-rg8q-9cqv/GHSA-3wcj-rg8q-9cqv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3wcj-rg8q-9cqv

Aliases

CVE-2017-11879

Published

2022-05-14T03:47:22Z

Modified

2023-11-08T03:58:50.693495Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Open redirect in ASP.NET Core

Details

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Database specific

{
    "nvd_published_at": "2017-11-15T03:29:00Z",
    "github_reviewed_at": "2022-07-08T19:21:47Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ]
}

References

Affected packages

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.3

Affected versions

2.*

2.0.0

NuGet / Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.1

Affected versions

2.*

2.0.0