GHSA-p9wx-v264-q34p

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9wx-v264-q34p/GHSA-p9wx-v264-q34p.json
Aliases
  • CVE-2018-8356
Published
2022-05-14T03:00:10Z
Modified
2022-09-21T03:44:49.891194Z
Details

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

References

Affected packages

NuGet / System.Private.ServiceModel

System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.3

Affected versions

4.*

4.0.0
4.0.1-beta-23225
4.0.1-beta-23409
4.1.0
4.1.0-beta-23516
4.1.0-rc2-24027
4.1.1
4.1.2

NuGet / System.Private.ServiceModel

System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.Private.ServiceModel

System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

NuGet / System.Private.ServiceModel

System.Private.ServiceModel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.Duplex

System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.ServiceModel.Duplex

System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

NuGet / System.ServiceModel.Duplex

System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.Duplex

System.ServiceModel.Duplex

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.4

Affected versions

4.*

4.0.0
4.0.1
4.0.1-beta-23225
4.0.1-beta-23409
4.0.1-beta-23516
4.0.1-rc2-24027
4.0.2
4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}

NuGet / System.ServiceModel.Http

System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.ServiceModel.Http

System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

NuGet / System.ServiceModel.Http

System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.Http

System.ServiceModel.Http

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.3

Affected versions

4.*

4.0.0
4.0.10
4.0.10-beta-22605
4.0.10-beta-22816
4.0.10-beta-23019
4.0.10-beta-23109
4.0.11-beta-23225
4.0.11-beta-23409
4.0.11-beta-23516
4.1.0
4.1.0-rc2-24027
4.1.1
4.1.2

NuGet / System.ServiceModel.NetTcp

System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.ServiceModel.NetTcp

System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

NuGet / System.ServiceModel.NetTcp

System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.NetTcp

System.ServiceModel.NetTcp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.3

Affected versions

4.*

4.0.0
4.0.1-beta-23225
4.0.1-beta-23409
4.1.0
4.1.0-beta-23516
4.1.0-rc2-24027
4.1.1
4.1.2

NuGet / System.ServiceModel.Primitives

System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.ServiceModel.Primitives

System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.1-servicing-25917-01
4.4.2
4.4.3

NuGet / System.ServiceModel.Primitives

System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.Primitives

System.ServiceModel.Primitives

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.1.3

Affected versions

4.*

4.0.0
4.0.1-beta-23225
4.0.1-beta-23409
4.1.0
4.1.0-beta-23516
4.1.0-rc2-24027
4.1.1
4.1.2

NuGet / System.ServiceModel.Security

System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.3.0
Fixed
4.3.3

Affected versions

4.*

4.3.0
4.3.1
4.3.2

NuGet / System.ServiceModel.Security

System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.4.0
Fixed
4.4.4

Affected versions

4.*

4.4.0
4.4.1
4.4.2
4.4.3

NuGet / System.ServiceModel.Security

System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.3

Affected versions

4.*

4.5.0
4.5.1
4.5.2

NuGet / System.ServiceModel.Security

System.ServiceModel.Security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.4

Affected versions

4.*

4.0.0
4.0.1
4.0.1-beta-23225
4.0.1-beta-23409
4.0.1-beta-23516
4.0.1-rc2-24027
4.0.2
4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}