CVE-2021-34485 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions.
Group Package Affected Fixed Severity Status Ticket
AVG-2278 dotnet-runtime-3.1, dotnet-sdk-3.1 3.1.17.sdk117-1 3.1.20.sdk120-1 Medium Fixed
AVG-2277 dotnet-runtime, dotnet-sdk 5.0.8.sdk205-1 6.0.0.sdk100-1 Medium Fixed
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485
https://github.com/dotnet/announcements/issues/196