Microsoft.NETCore.App
NuGet10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Microsoft.NETCore.Apppage 1 of 1
- CVE-2017-11770HIGHCVSS 7.5EG 7.5✓ Fixed in 2.0.32017-11-15
vulnerable: 1.0.0 ... 2.0.0-preview2-25407-01 (33 versions)
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core …
- CVE-2017-8585HIGHCVSS 7.5EG 7.5✓ Fixed in 1.1.42017-07-11
vulnerable: 1.1.0, 1.1.1, 1.1.2
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability.
- CVE-2018-8416MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.1.72018-11-14
vulnerable: 2.1.0 ... 2.1.6 (7 versions)
A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1.
- CVE-2019-0545HIGHCVSS 7.5EG 7.5✓ Fixed in 2.2.12019-01-08
vulnerable: 2.2.0
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .N…
- CVE-2019-0564HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.72019-01-08
vulnerable: 2.1.0 ... 2.1.6 (7 versions)
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.
- CVE-2019-0657MEDIUMCVSS 5.9EG 5.9✓ Fixed in 2.1.82019-03-05
vulnerable: 2.1.0 ... 2.1.7 (8 versions)
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
- CVE-2020-1108HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.182020-05-21
vulnerable: 2.1.0 ... 2.1.9 (18 versions)
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
- CVE-2020-1147HIGHCVSS 7.8EG 9.0⚠ KEV✓ Fixed in 2.1.202020-07-14
vulnerable: 2.1.0 ... 2.1.9 (20 versions)
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote …
- CVE-2021-1721MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.1.252021-02-25
vulnerable: 2.1.0 ... 2.1.9 (25 versions)
.NET Core and Visual Studio Denial of Service Vulnerability
- CVE-2021-34485MEDIUMCVSS 5.0EG 5.0✓ Fixed in 2.1.292021-08-12
vulnerable: 2.1.0 ... 2.1.9 (29 versions)
.NET Core and Visual Studio Information Disclosure Vulnerability
Check whether Microsoft.NETCore.App is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for Microsoft.NETCore.App CVEs against the assets you own.
Start Free Scan →