GHSA-jc8g-xhw5-6x46

Source

https://github.com/advisories/GHSA-jc8g-xhw5-6x46

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-jc8g-xhw5-6x46/GHSA-jc8g-xhw5-6x46.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-jc8g-xhw5-6x46

Aliases

CVE-2018-0786

Published

2018-10-16T19:59:05Z

Modified

2023-11-08T03:59:31.030847Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Certificate Validation in Microsoft .NET Framework components

Details

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-295"
    ],
    "github_reviewed_at": "2020-06-16T21:43:03Z",
    "nvd_published_at": "2018-01-10T01:29:00Z",
    "severity": "HIGH"
}

References

Affected packages

NuGet

Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.2.4

Affected versions

5.*

5.2.0

5.2.1

5.2.2

5.2.3

Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.3.5

Affected versions

5.*

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.4.2

Affected versions

5.*

5.4.0

5.4.1

Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.6

Affected versions

6.*

6.0.1

6.0.2

6.0.4

6.0.5

System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

4.4.1-servicing-25917-01

System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.1

Fixed

4.0.2

Affected versions

4.*

4.0.1

System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.1

Fixed

4.0.2

Affected versions

4.*

4.0.1

System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0