CVE-2021-34532 log
Source |
|
Severity | Medium |
Remote | No |
Type | Information disclosure |
Description | An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2278 | dotnet-runtime-3.1, dotnet-sdk-3.1 | 3.1.17.sdk117-1 | 3.1.20.sdk120-1 | Medium | Fixed | |
AVG-2277 | dotnet-runtime, dotnet-sdk | 5.0.8.sdk205-1 | 6.0.0.sdk100-1 | Medium | Fixed |
References |
---|
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34532 https://github.com/dotnet/announcements/issues/195 |