CVE-2018-0787 – microsoft.aspnetcore.server.kestrel.core

Package

Manager: nuget
Name: microsoft.aspnetcore.server.kestrel.core
Vulnerable Version: >=2.0.0 <2.0.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.14632 pctl0.94232

Details

ASP.NET Core allow an elevation of privilege ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".

Metadata

Created: 2018-10-16T19:56:59Z
Modified: 2022-04-26T19:06:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-365p-96qv-xr7g/GHSA-365p-96qv-xr7g.json
CWE IDs: ["CWE-640"]
Alternative ID: GHSA-365p-96qv-xr7g
Finding: F417
Auto approve: 1