An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.

Affected Packages

NuGet Microsoft.NETCore.App

Affected versions: 2.1.0 (fixed in 2.1.7)

NuGet Microsoft.NETCore.App

Affected versions: 2.2.0 (fixed in 2.2.1)

Related CVEs

CVE-2019-0545

Key Information

GHSA ID

GHSA-2xjx-v99w-gqf3

Published

May 14, 2022 1:41 AM

Last Modified

July 8, 2022 7:27 PM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.NETCore.App

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.