CVE-2020-1045 – microsoft.aspnetcore.app.runtime.win-x64
Package
Manager: nuget
Name: microsoft.aspnetcore.app.runtime.win-x64
Vulnerable Version: >=3.1.0 <3.1.8
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.1419 (percentile 0.94137)
Details
Cookie parsing failure

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings, which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names. Also known as 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.
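The parsing behaviour described above, modeled as an added example (not code from ASP.NET Core or from the advisory): a simplified parser that either decodes cookie names or keeps them literal, and a check that flags a Cookie header in which a percent-encoded name collides with another cookie's name. The function names, the sample headers and the rule that a later pair replaces an earlier one are assumptions of this sketch.

```python
from urllib.parse import unquote


def split_pairs(header):
    """Split a Cookie request header into (raw_name, raw_value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append((name, value))
    return pairs


def parse(header, decode_names):
    """Simplified parser model (hypothetical, not the framework's code).

    decode_names=True mimics decoding the entire cookie string;
    decode_names=False keeps names literal and decodes only values.
    """
    cookies = {}
    for name, value in split_pairs(header):
        key = unquote(name) if decode_names else name
        cookies[key] = unquote(value)  # assumption: a later pair replaces an earlier one
    return cookies


def encoded_name_collisions(header):
    """Return raw names that are percent-encoded and decode to a name
    that another cookie in the same header also resolves to."""
    pairs = split_pairs(header)
    decoded = [unquote(name) for name, _ in pairs]
    return [name for (name, _), d in zip(pairs, decoded)
            if name != d and decoded.count(d) > 1]


# Constructed sample headers (not taken from the advisory).
BENIGN = "session=abc123; theme=dark%20mode"
SUSPECT = "session=abc123; %73ession=injected"

if __name__ == "__main__":
    for header in (BENIGN, SUSPECT):
        print(header)
        print("  names decoded:", parse(header, decode_names=True))
        print("  names literal:", parse(header, decode_names=False))
        print("  flagged      :", encoded_name_collisions(header))
```

With names decoded, the two cookies in the second header collapse into one entry; with names kept literal they stay distinct, which is the difference the check reports.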
Metadata
Created: 2022-05-24T17:27:57Z
Modified: 2022-07-07T23:06:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hxrm-9w7p-39cc/GHSA-hxrm-9w7p-39cc.json
CWE IDs: []
Alternative ID: GHSA-hxrm-9w7p-39cc
Finding: F042
Auto approve: 1