An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

Affected Packages

NuGet System.Net.Http

Affected versions: 0 (fixed in 4.3.4)

Related CVEs

CVE-2018-8292

Key Information

GHSA ID

GHSA-7jgj-8wvc-jh57

Published

April 21, 2021 7:16 PM

Last Modified

April 21, 2021 7:15 PM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

System.Net.Http

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.