CVE-2020-0603 – microsoft.aspnetcore.app.runtime.win-x64

Package

Manager: nuget
Name: microsoft.aspnetcore.app.runtime.win-x64
Vulnerable Version: >=3.1.0 <3.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.14767 pctl0.94261

Details

Remote code execution in ASP.NET Core A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

Metadata

Created: 2022-05-24T17:06:16Z
Modified: 2022-07-07T23:10:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-655q-9gvg-q4cm/GHSA-655q-9gvg-q4cm.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-655q-9gvg-q4cm
Finding: F316
Auto approve: 1