Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2NXAtOTZxdi14cjdn
ASP.NET Core allows an elevation of privilege
ASP.NET Core 1.0, 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Permalink: https://github.com/advisories/GHSA-365p-96qv-xr7g
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2NXAtOTZxdi14cjdn
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-365p-96qv-xr7g, CVE-2018-0787
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0787
- https://github.com/aspnet/Announcements/issues/295
- https://github.com/advisories/GHSA-365p-96qv-xr7g
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0787
- http://www.securityfocus.com/bid/103282
- http://www.securitytracker.com/id/1040525
Affected Packages
nuget:Microsoft.AspNetCore.Server.Kestrel.Core
Dependent packages: 81
Dependent repositories: 0
Downloads: 196,289,073 total
Affected Version Ranges: >= 2.0.0, <= 2.0.1
Fixed in: 2.0.2
All affected versions: 2.0.0, 2.0.1
All unaffected versions: 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.7, 2.1.25, 2.2.0
nuget:Microsoft.AspNetCore.HttpOverrides
Dependent packages: 67
Dependent repositories: 0
Downloads: 154,030,234 total
Affected Version Ranges: >= 2.0.0, <= 2.0.1
Fixed in: 2.0.2
All affected versions: 2.0.0, 2.0.1
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 2.0.2, 2.0.3, 2.1.0, 2.1.1, 2.2.0