Описание
Open redirect in ASP.NET Core
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Пакеты
Наименование
Microsoft.AspNetCore.All
nuget
Затронутые версииВерсия исправления
>= 2.0.0, < 2.0.3
2.0.3
Наименование
Microsoft.AspNetCore.Mvc.Core
nuget
Затронутые версииВерсия исправления
= 2.0.0
2.0.1
Связанные уязвимости
CVSS3: 8.8
nvd
больше 7 лет назад
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
