GHSA-p9wx-v264-q34p

Source

https://github.com/advisories/GHSA-p9wx-v264-q34p

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9wx-v264-q34p/GHSA-p9wx-v264-q34p.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p9wx-v264-q34p

Aliases

CVE-2018-8356

Published

2022-05-14T03:00:10Z

Modified

2023-11-08T04:00:27.420543Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Certificate Validation in Microsoft .NET Framework components

Details

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

Database specific

{
    "nvd_published_at": "2018-07-11T00:29:00Z",
    "github_reviewed_at": "2022-07-08T19:23:06Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-295"
    ]
}

References

Affected packages

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.Private.ServiceModel

Package

Name: System.Private.ServiceModel; View open source insights on deps.dev
Purl: pkg:nuget/System.Private.ServiceModel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Duplex

Package

Name: System.ServiceModel.Duplex; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Duplex

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.4

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.0.1-beta-23516

4.0.1-rc2-24027

4.0.1

4.0.2

4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Http

Package

Name: System.ServiceModel.Http; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.10-beta-22605

4.0.10-beta-22816

4.0.10-beta-23019

4.0.10-beta-23109

4.0.10

4.0.11-beta-23225

4.0.11-beta-23409

4.0.11-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.NetTcp

Package

Name: System.ServiceModel.NetTcp; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.NetTcp

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1-servicing-25917-01

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Primitives

Package

Name: System.ServiceModel.Primitives; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Primitives

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.1.3

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.1.0-beta-23516

4.1.0-rc2-24027

4.1.0

4.1.1

4.1.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3.0

Fixed

4.3.3

Affected versions

4.*

4.3.0

4.3.1

4.3.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.4

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / System.ServiceModel.Security

Package

Name: System.ServiceModel.Security; View open source insights on deps.dev
Purl: pkg:nuget/System.ServiceModel.Security

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.4

Affected versions

4.*

4.0.0

4.0.1-beta-23225

4.0.1-beta-23409

4.0.1-beta-23516

4.0.1-rc2-24027

4.0.1

4.0.2

4.0.3

Database specific

{
    "last_known_affected_version_range": "<= 4.0.2"
}