QID 982022

QID 982022: Dotnet (nuget) Security Update for Microsoft.AspNetCore.Mvc.WebApiCompatShim (GHSA-j8f4-2w4p-mhjc)

A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

CVSS V3 rated as Medium - 5.3 severity.

CVSS V2 rated as Medium - 5 severity.

Solution

Customers are advised to refer to GHSA-j8f4-2w4p-mhjc for updates pertaining to this vulnerability.

Vendor References

GHSA-j8f4-2w4p-mhjc - github.com/advisories/GHSA-j8f4-2w4p-mhjc

CVEs related to QID 982022

CVE-2017-0256 |

Software Advisories

Advisory ID	Software	Link
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Abstractions	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.ApiExplorer	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Core	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Cors	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.DataAnnotations	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Formatters.Json	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Formatters.Xml	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Localization	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Razor	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.Razor.Host	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.TagHelpers	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.ViewFeatures	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	Microsoft.AspNetCore.Mvc.WebApiCompatShim	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	System.Net.Http	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	System.Net.Http.WinHttpHandler	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	System.Net.Security	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	System.Net.WebSockets.Client	github.com/advisories/GHSA-j8f4-2w4p-mhjc
GHSA-j8f4-2w4p-mhjc	System.Text.Encodings.Web	github.com/advisories/GHSA-j8f4-2w4p-mhjc

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].