Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjOGcteGh3NS02eDQ2
Improper Certificate Validation in Microsoft .NET Framework components
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
Permalink: https://github.com/advisories/GHSA-jc8g-xhw5-6x46
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjOGcteGh3NS02eDQ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 6 years ago
Updated: almost 2 years ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Identifiers: GHSA-jc8g-xhw5-6x46, CVE-2018-0786
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-0786
- https://github.com/dotnet/announcements/issues/51
- https://github.com/github/advisory-database/issues/302
- https://github.com/advisories/GHSA-jc8g-xhw5-6x46
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786
- https://www.nuget.org/packages/System.ServiceModel.Duplex#versions-body-tab
Blast Radius: 1.0
Affected Packages
nuget:System.ServiceModel.Duplex
Dependent packages: 267
Dependent repositories: 0
Downloads: 166,668,967 total
Affected Version Ranges: = 4.0.1, = 4.3.0, = 4.4.0
Fixed in: 4.0.2, 4.3.1, 4.4.1
All affected versions: 4.0.1, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.0.2, 4.0.3, 4.0.4, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.ServiceModel.Security
Dependent packages: 293
Dependent repositories: 0
Downloads: 187,239,800 total
Affected Version Ranges: = 4.0.1, = 4.3.0, = 4.4.0
Fixed in: 4.0.2, 4.3.1, 4.4.1
All affected versions: 4.0.1, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.0.2, 4.0.3, 4.0.4, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0
nuget:System.Private.ServiceModel
Dependent packages: 50
Dependent repositories: 0
Downloads: 352,728,514 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3
nuget:System.ServiceModel.NetTcp
Dependent packages: 295
Dependent repositories: 0
Downloads: 175,745,555 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:System.ServiceModel.Http
Dependent packages: 448
Dependent repositories: 0
Downloads: 244,471,265 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.0.10, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0, 8.1.0
nuget:System.ServiceModel.Primitives
Dependent packages: 695
Dependent repositories: 0
Downloads: 392,528,249 total
Affected Version Ranges: = 4.1.0, = 4.3.0, = 4.4.0
Fixed in: 4.1.1, 4.3.1, 4.4.1
All affected versions: 4.1.0, 4.3.0, 4.4.0
All unaffected versions: 3.9.0, 4.0.0, 4.1.1, 4.1.2, 4.1.3, 4.3.1, 4.3.2, 4.3.3, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.6.0, 4.7.0, 4.8.0, 4.8.1, 4.9.0, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 6.0.0, 6.1.0, 6.2.0, 8.0.0
nuget:Microsoft.NETCore.UniversalWindowsPlatform
Dependent packages: 439
Dependent repositories: 0
Downloads: 14,797,516 total
Affected Version Ranges: >= 5.3.0, < 5.3.5; >= 6.0.0, < 6.0.6; >= 5.4.0, < 5.4.2; >= 5.2.0, < 5.2.4
Fixed in: 5.3.5, 6.0.6, 5.4.2, 5.2.4
All affected versions: 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.4.0, 5.4.1, 6.0.1, 6.0.2, 6.0.4, 6.0.5
All unaffected versions: 5.0.0, 5.1.0, 5.2.4, 5.2.6, 5.2.9, 5.3.5, 5.3.7, 5.3.10, 5.4.2, 5.4.4, 5.4.7, 6.0.6, 6.0.7, 6.0.8, 6.0.10, 6.0.12, 6.0.15, 6.1.2, 6.1.4, 6.1.5, 6.1.7, 6.1.9, 6.1.12, 6.2.2, 6.2.3, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14