CVE-2021-26701 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113 due to how text encoding is performed in the System.Text.Encodings.Web package, caused by a buffer overrun.
Group Package Affected Fixed Severity Status Ticket
AVG-1701 dotnet-runtime-3.1, dotnet-sdk-3.1 3.1.12.sdk112-3 3.1.13.sdk113-1 High Fixed
AVG-1698 dotnet-runtime, dotnet-sdk 5.0.3.sdk103-2 5.0.4.sdk104-1 High Fixed FS#69317
Date Advisory Group Package Severity Type
25 Mar 2021 ASA-202103-23 AVG-1701 dotnet-sdk-3.1 High arbitrary code execution
25 Mar 2021 ASA-202103-22 AVG-1701 dotnet-runtime-3.1 High arbitrary code execution
25 Mar 2021 ASA-202103-21 AVG-1698 dotnet-sdk High arbitrary code execution
25 Mar 2021 ASA-202103-20 AVG-1698 dotnet-runtime High arbitrary code execution
References
https://msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701
https://github.com/dotnet/announcements/issues/178