GHSA-655q-9gvg-q4cm

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-655q-9gvg-q4cm/GHSA-655q-9gvg-q4cm.json
Aliases
  • CVE-2020-0603
Published
2022-05-24T17:06:16Z
Modified
2023-01-31T02:38:13.395902Z
Details

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

References

Affected packages

NuGet / Microsoft.AspNetCore.All

Microsoft.AspNetCore.All

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.15

Affected versions

2.*

2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9

NuGet / Microsoft.AspNetCore.App

Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App

Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.0.1

Affected versions

3.*

3.0.0

NuGet / Microsoft.AspNetCore.App

Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.15

Affected versions

2.*

2.1.0
2.1.1
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9

NuGet / Microsoft.AspNetCore.Http.Connections

Microsoft.AspNetCore.Http.Connections

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.0.15

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4

NuGet / Microsoft.AspNetCore.App.Runtime.linux-arm

Microsoft.AspNetCore.App.Runtime.linux-arm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.linux-arm64

Microsoft.AspNetCore.App.Runtime.linux-arm64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.linux-musl-arm64

Microsoft.AspNetCore.App.Runtime.linux-musl-arm64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.linux-musl-x64

Microsoft.AspNetCore.App.Runtime.linux-musl-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.linux-x64

Microsoft.AspNetCore.App.Runtime.linux-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.osx-x64

Microsoft.AspNetCore.App.Runtime.osx-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.win-arm

Microsoft.AspNetCore.App.Runtime.win-arm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.win-x64

Microsoft.AspNetCore.App.Runtime.win-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.AspNetCore.App.Runtime.win-x86

Microsoft.AspNetCore.App.Runtime.win-x86

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.1

Affected versions

3.*

3.1.0