Описание
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
A flaw was found in dotNET where the CORS attribute is not properly enforced or checked. An attacker could leverage this for possible remote execution.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-dotnetcore | Not affected | ||
| .NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-dotnetcore | Not affected | ||
| .NET Core 2.0 on Red Hat Enterprise Linux | rh-dotnet20-dotnet | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1512998ASP.NET: CORS not properly applied
8.7 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
CVSS3: 7.5
github
около 3 лет назад
Cross-origin Resource Sharing bypass in ASP.NET Core
8.7 High
CVSS3