System.net.http
This hub aggregates every CVE we track for System.net.http, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
0
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 5 most recently published vulnerabilities affecting System.net.http.
- CVE-2018-8292An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affect...7.5
- CVE-2017-0249An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.7.3
- CVE-2017-0248Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specifi...7.5
- CVE-2017-0256A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.5.3
- CVE-2017-0247A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncode...7.5
Product normalization is registry-driven with AI assist and human review. How it works