GHSA-jc8g-xhw5-6x46

Source

https://github.com/advisories/GHSA-jc8g-xhw5-6x46

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-jc8g-xhw5-6x46/GHSA-jc8g-xhw5-6x46.json

Aliases

CVE-2018-0786

Published

2018-10-16T19:59:05Z

Modified

2023-11-08T03:59:31.030847Z

Details

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

References

Affected packages

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.2.0

Fixed

5.2.4

Affected versions

5.*

5.2.0

5.2.1

5.2.2

5.2.3

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.3.5

Affected versions

5.*

5.3.0

5.3.1

5.3.2

5.3.3

5.3.4

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.4.0

Fixed

5.4.2

Affected versions

5.*

5.4.0

5.4.1

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name: Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.6

Affected versions

6.*

6.0.1

6.0.2

6.0.4

6.0.5

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

4.4.1-servicing-25917-01

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.1

Fixed

4.0.2

Affected versions

4.*

4.0.1

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.1

Fixed

4.0.2

Affected versions

4.*

4.0.1

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.1

Affected versions

4.*

4.4.0

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.1

Affected versions

4.*

4.3.0

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.1

Affected versions

4.*

4.1.0