CVE-2017-0249
UNKNOWN
Published 2017-05-12T14:00:00
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-0249. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
HIGH
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
GHSA-qhqf-ghgh-x2m4Advisory Details
See https://nvd.nist.gov/vuln/detail/CVE-2017-0249 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0249
Affected Packages
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Core
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
System.Net.Http
ECOSYSTEM:
≥4.1.1
<4.1.2
NuGet
System.Net.Http
ECOSYSTEM:
≥4.3.1
<4.3.2
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Text.Encodings.Web
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Http.WinHttpHandler
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.Security
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.0.0
<4.0.1
NuGet
System.Net.WebSockets.Client
ECOSYSTEM:
≥4.3.0
<4.3.1
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Abstractions
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ApiExplorer
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Cors
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.DataAnnotations
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Json
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Formatters.Xml
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Localization
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor.Host
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.Razor
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.TagHelpers
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.ViewFeatures
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.0.0
<1.0.4
NuGet
Microsoft.AspNetCore.Mvc.WebApiCompatShim
ECOSYSTEM:
≥1.1.0
<1.1.3
NuGet
DisCatSharp
ECOSYSTEM:
≥0
≤9.8.3
CVSS Scoring
CVSS Score
7.5
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References
Advisory provided by GitHub Security Advisory Database. Published: October 16, 2018, Modified: October 8, 2021
Published: 2017-05-12T14:00:00
Last Modified: 2024-08-05T12:55:19.336Z
Copied to clipboard!