CVE-2021-34485 - log back

CVE-2021-34485 edited at 11 Aug 2021 06:30:08
References
+ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485
https://github.com/dotnet/announcements/issues/196
CVE-2021-34485 edited at 11 Aug 2021 06:27:38
Remote
- Remote
+ Local
Description
- An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
+ An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions.
References
- https://github.com/dotnet/announcements/issues/195
+ https://github.com/dotnet/announcements/issues/196
CVE-2021-34485 edited at 11 Aug 2021 06:25:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
References
+ https://github.com/dotnet/announcements/issues/195
Notes
CVE-2021-34485 created at 11 Aug 2021 06:19:38