GHSA-2m65-m22p-9wjw – microsoft.aspnetcore.app.runtime.osx-x64

Package

Manager: nuget
Name: microsoft.aspnetcore.app.runtime.osx-x64
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Duplicate Advisory: .NET Information Disclosure Vulnerability # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vh55-786g-wjwj. This link is maintained to preserve external references. # Original Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ## Affected software * Any .NET 6.0 application running on .NET 6.0.7 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier. ## Patches * If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.

Metadata

Created: 2022-08-10T00:00:18Z
Modified: 2024-04-02T19:01:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-2m65-m22p-9wjw/GHSA-2m65-m22p-9wjw.json
CWE IDs: []
Alternative ID: N/A
Finding: N/A
Auto approve: 0