CVE-2021-34485 log
Source |
|
Severity | Medium |
Remote | No |
Type | Information disclosure |
Description | An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2278 | dotnet-runtime-3.1, dotnet-sdk-3.1 | 3.1.17.sdk117-1 | 3.1.20.sdk120-1 | Medium | Fixed | |
AVG-2277 | dotnet-runtime, dotnet-sdk | 5.0.8.sdk205-1 | 6.0.0.sdk100-1 | Medium | Fixed |
References |
---|
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485 https://github.com/dotnet/announcements/issues/196 |