Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Improper Certificate Validation in Microsoft .NET Framework components
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Permalink: https://github.com/advisories/GHSA-jc8g-xhw5-6x46
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjOGcteGh3NS02eDQ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-jc8g-xhw5-6x46, CVE-2018-0786
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0786
- https://github.com/dotnet/announcements/issues/51
- https://github.com/github/advisory-database/issues/302
- https://github.com/advisories/GHSA-jc8g-xhw5-6x46
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
- https://www.nuget.org/packages/System.ServiceModel.Duplex#versions-body-tab
Blast Radius: 1.0
Affected Packages
nuget:System.ServiceModel.Duplex
Dependent packages: 0
Dependent repositories: 0
Downloads: 134,689,898 total
Affected Version Ranges: = 4.0.1, = 4.3.0, = 4.4.0
Fixed in: 4.0.2, 4.3.1, 4.4.1
All affected versions: 4.0.1, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.0.2, 4.0.3, 4.0.4, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Security
Dependent packages: 0
Dependent repositories: 0
Downloads: 153,102,327 total
Affected Version Ranges: = 4.0.1, = 4.3.0, = 4.4.0
Fixed in: 4.0.2, 4.3.1, 4.4.1
All affected versions: 4.0.1, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.0.2, 4.0.3, 4.0.4, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.Private.ServiceModel
Dependent packages: 0
Dependent repositories: 0
Downloads: 298,155,809 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3
nuget:System.ServiceModel.NetTcp
Dependent packages: 0
Dependent repositories: 0
Downloads: 143,694,247 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.Http
Dependent packages: 0
Dependent repositories: 0
Downloads: 194,379,773 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.Primitives
Dependent packages: 0
Dependent repositories: 0
Downloads: 315,813,961 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:Microsoft.NETCore.UniversalWindowsPlatform
Dependent packages: 0
Dependent repositories: 0
Downloads: 13,939,661 total
Affected Version Ranges: >= 5.3.0, < 5.3.5; >= 6.0.0, < 6.0.6; >= 5.4.0, < 5.4.2; >= 5.2.0, < 5.2.4
Fixed in: 5.3.5, 6.0.6, 5.4.2, 5.2.4
All affected versions: 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 6.0.1, 6.0.2, 6.0.4, 6.0.5
All unaffected versions: 5.0.0, 5.1.0, 5.2.4, 5.2.6, 5.2.9, 5.3.5, 5.3.7, 5.3.10, 5.4.2, 5.4.4, 5.4.7, 6.0.6, 6.0.7, 6.0.8, 6.0.10, 6.0.12, 6.0.15, 6.1.2, 6.1.4, 6.1.5, 6.1.7, 6.1.9, 6.1.12, 6.2.2, 6.2.3, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14