Microsoft.aspnetcore.mvc.core

This hub aggregates every CVE we track for Microsoft.aspnetcore.mvc.core, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 6 most recently published vulnerabilities affecting Microsoft.aspnetcore.mvc.core.

• CVE-2017-8700ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Inf...7.5Nov 15, 2017
• CVE-2017-11879ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".8.8Nov 15, 2017
• CVE-2017-0247A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncode...7.5May 12, 2017
• CVE-2017-0249An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.7.3May 12, 2017
• CVE-2017-0248Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specifi...7.5May 12, 2017
• CVE-2017-0256A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.5.3May 12, 2017