GHSA-7jgj-8wvc-jh57
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7jgj-8wvc-jh57
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-7jgj-8wvc-jh57/GHSA-7jgj-8wvc-jh57.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7jgj-8wvc-jh57
- Aliases
- Published
- 2021-04-21T19:16:06Z
- Modified
- 2023-11-08T04:00:26.990614Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- .NET Core Information Disclosure
- Details
-
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
- Database specific
{ "nvd_published_at": null, "severity": "HIGH", "cwe_ids": [ "CWE-200" ], "github_reviewed": true, "github_reviewed_at": "2021-04-21T19:15:50Z" }- References
Affected packages
NuGet / System.Net.Http
Package
- Name
- System.Net.Http
- View open source insights on deps.dev
- Purl
- pkg:nuget/System.Net.Http
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.4
Affected versions
2.*
2.0.20126.16343
2.0.20505
2.0.20710
4.*
4.0.0-beta-22231
4.0.0-beta-22416
4.0.0-beta-22605
4.0.0-beta-22816
4.0.0-beta-23019
4.0.0-beta-23109
4.0.0
4.0.1-beta-23225
4.0.1-beta-23409
4.0.1-beta-23516
4.0.1-rc2-24027
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.3.0-preview1-24530-04
4.3.0
4.3.1
4.3.2
4.3.3