GHSA-jc8g-xhw5-6x46

Source
https://github.com/advisories/GHSA-jc8g-xhw5-6x46
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-jc8g-xhw5-6x46/GHSA-jc8g-xhw5-6x46.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jc8g-xhw5-6x46
Aliases
Published
2018-10-16T19:59:05Z
Modified
2023-11-08T03:59:31.030847Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Improper Certificate Validation in Microsoft .NET Framework components
Details

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Database specific
{
    "nvd_published_at": "2018-01-10T01:29:00Z",
    "github_reviewed_at": "2020-06-16T21:43:03Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-295"
    ]
}
References

Affected packages

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name
Microsoft.NETCore.UniversalWindowsPlatform
Purl
pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.2.4

Affected versions

5.*

5.2.0
5.2.1
5.2.2
5.2.3

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name
Microsoft.NETCore.UniversalWindowsPlatform
Purl
pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
5.3.5

Affected versions

5.*

5.3.0
5.3.1
5.3.2
5.3.3
5.3.4

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name
Microsoft.NETCore.UniversalWindowsPlatform
Purl
pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.4.0
Fixed
5.4.2

Affected versions

5.*

5.4.0
5.4.1

NuGet / Microsoft.NETCore.UniversalWindowsPlatform

Package

Name
Microsoft.NETCore.UniversalWindowsPlatform
Purl
pkg:nuget/Microsoft.NETCore.UniversalWindowsPlatform

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.6

Affected versions

6.*

6.0.1
6.0.2
6.0.4
6.0.5

NuGet / System.ServiceModel.Primitives

Package

Name
System.ServiceModel.Primitives
Purl
pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0
4.4.1-servicing-25917-01

NuGet / System.ServiceModel.Primitives

Package

Name
System.ServiceModel.Primitives
Purl
pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Primitives

Package

Name
System.ServiceModel.Primitives
Purl
pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.Http

Package

Name
System.ServiceModel.Http
Purl
pkg:nuget/System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Http

Package

Name
System.ServiceModel.Http
Purl
pkg:nuget/System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Http

Package

Name
System.ServiceModel.Http
Purl
pkg:nuget/System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.NetTcp

Package

Name
System.ServiceModel.NetTcp
Purl
pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.NetTcp

Package

Name
System.ServiceModel.NetTcp
Purl
pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.NetTcp

Package

Name
System.ServiceModel.NetTcp
Purl
pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.1

Affected versions

4.*

4.1.0

NuGet / System.ServiceModel.Duplex

Package

Name
System.ServiceModel.Duplex
Purl
pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Duplex

Package

Name
System.ServiceModel.Duplex
Purl
pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Duplex

Package

Name
System.ServiceModel.Duplex
Purl
pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.1
Fixed
4.0.2

Affected versions

4.*

4.0.1

NuGet / System.ServiceModel.Security

Package

Name
System.ServiceModel.Security
Purl
pkg:nuget/System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0

NuGet / System.ServiceModel.Security

Package

Name
System.ServiceModel.Security
Purl
pkg:nuget/System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.ServiceModel.Security

Package

Name
System.ServiceModel.Security
Purl
pkg:nuget/System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.1
Fixed
4.0.2

Affected versions

4.*

4.0.1

NuGet / System.Private.ServiceModel

Package

Name
System.Private.ServiceModel
Purl
pkg:nuget/System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.1

Affected versions

4.*

4.4.0

NuGet / System.Private.ServiceModel

Package

Name
System.Private.ServiceModel
Purl
pkg:nuget/System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.1

Affected versions

4.*

4.3.0

NuGet / System.Private.ServiceModel

Package

Name
System.Private.ServiceModel
Purl
pkg:nuget/System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
4.1.1

Affected versions

4.*

4.1.0