GHSA-655q-9gvg-q4cm
GitHub Security Advisory
Remote code execution in ASP.NET Core
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
Affected Packages
NuGet
Microsoft.AspNetCore.All
Affected versions:
2.1.0
(fixed in 2.1.15)
NuGet
Microsoft.AspNetCore.App
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App
Affected versions:
3.0.0
(fixed in 3.0.1)
NuGet
Microsoft.AspNetCore.App
Affected versions:
2.1.0
(fixed in 2.1.15)
NuGet
Microsoft.AspNetCore.Http.Connections
Affected versions:
1.0.0
(fixed in 1.0.15)
NuGet
Microsoft.AspNetCore.App.Runtime.linux-arm
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.linux-arm64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.linux-musl-x64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.linux-x64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.osx-x64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.win-arm
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.win-x64
Affected versions:
3.1.0
(fixed in 3.1.1)
NuGet
Microsoft.AspNetCore.App.Runtime.win-x86
Affected versions:
3.1.0
(fixed in 3.1.1)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 29, 2025 6:37 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.