GHSA-ch6p-4jcm-h8vh

Source

https://github.com/advisories/GHSA-ch6p-4jcm-h8vh

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-ch6p-4jcm-h8vh/GHSA-ch6p-4jcm-h8vh.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-ch6p-4jcm-h8vh

Aliases

CVE-2017-0248

Published

2018-10-16T19:58:52Z

Modified

2024-12-05T05:37:59.757189Z

Summary

Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core

Details

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:31:44Z"
}

References

Affected packages

NuGet / Microsoft.AspNetCore.Mvc

Package

Name: Microsoft.AspNetCore.Mvc; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc

Package

Name: Microsoft.AspNetCore.Mvc; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Core

Package

Name: Microsoft.AspNetCore.Mvc.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / System.Net.Http

Package

Name: System.Net.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.1

Fixed

4.1.2

Affected versions

4.*

4.1.1

NuGet / System.Net.Http

Package

Name: System.Net.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.1

Fixed

4.3.2

Affected versions

4.*

4.3.1

NuGet / System.Text.Encodings.Web

Package

Name: System.Text.Encodings.Web; View open source insights on deps.dev
Purl: pkg:nuget/System.Text.Encodings.Web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

NuGet / System.Text.Encodings.Web

Package

Name: System.Text.Encodings.Web; View open source insights on deps.dev
Purl: pkg:nuget/System.Text.Encodings.Web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.Net.Http.WinHttpHandler

Package

Name: System.Net.Http.WinHttpHandler; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http.WinHttpHandler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

NuGet / System.Net.Http.WinHttpHandler

Package

Name: System.Net.Http.WinHttpHandler; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Http.WinHttpHandler

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.Net.Security

Package

Name: System.Net.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

NuGet / System.Net.Security

Package

Name: System.Net.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.Net.WebSockets.Client

Package

Name: System.Net.WebSockets.Client; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.WebSockets.Client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.1

Affected versions

4.*

4.0.0

NuGet / System.Net.WebSockets.Client

Package

Name: System.Net.WebSockets.Client; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.WebSockets.Client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / Microsoft.AspNetCore.Mvc.Abstractions

Package

Name: Microsoft.AspNetCore.Mvc.Abstractions; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Abstractions

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Abstractions

Package

Name: Microsoft.AspNetCore.Mvc.Abstractions; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Abstractions

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer

Package

Name: Microsoft.AspNetCore.Mvc.ApiExplorer; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ApiExplorer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.ApiExplorer

Package

Name: Microsoft.AspNetCore.Mvc.ApiExplorer; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ApiExplorer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Cors

Package

Name: Microsoft.AspNetCore.Mvc.Cors; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Cors

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Cors

Package

Name: Microsoft.AspNetCore.Mvc.Cors; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Cors

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations

Package

Name: Microsoft.AspNetCore.Mvc.DataAnnotations; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.DataAnnotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.DataAnnotations

Package

Name: Microsoft.AspNetCore.Mvc.DataAnnotations; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.DataAnnotations

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Json; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Json

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Json

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Json; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Json

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Xml; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Formatters.Xml

Package

Name: Microsoft.AspNetCore.Mvc.Formatters.Xml; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Formatters.Xml

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Localization

Package

Name: Microsoft.AspNetCore.Mvc.Localization; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Localization

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Localization

Package

Name: Microsoft.AspNetCore.Mvc.Localization; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Localization

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Razor.Host

Package

Name: Microsoft.AspNetCore.Mvc.Razor.Host; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor.Host

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Razor.Host

Package

Name: Microsoft.AspNetCore.Mvc.Razor.Host; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor.Host

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.Razor

Package

Name: Microsoft.AspNetCore.Mvc.Razor; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.Razor

Package

Name: Microsoft.AspNetCore.Mvc.Razor; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.Razor

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.TagHelpers

Package

Name: Microsoft.AspNetCore.Mvc.TagHelpers; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.TagHelpers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.TagHelpers

Package

Name: Microsoft.AspNetCore.Mvc.TagHelpers; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.TagHelpers

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures

Package

Name: Microsoft.AspNetCore.Mvc.ViewFeatures; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ViewFeatures

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.ViewFeatures

Package

Name: Microsoft.AspNetCore.Mvc.ViewFeatures; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.ViewFeatures

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2

NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim

Package

Name: Microsoft.AspNetCore.Mvc.WebApiCompatShim; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

1.0.4

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

NuGet / Microsoft.AspNetCore.Mvc.WebApiCompatShim

Package

Name: Microsoft.AspNetCore.Mvc.WebApiCompatShim; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Mvc.WebApiCompatShim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.0

Fixed

1.1.3

Affected versions

1.*

1.1.0

1.1.1

1.1.2