CVE-2021-34532 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Information disclosure |
| Description | An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2278 | dotnet-runtime-3.1, dotnet-sdk-3.1 | 3.1.17.sdk117-1 | 3.1.20.sdk120-1 | Medium | Fixed | |
| AVG-2277 | dotnet-runtime, dotnet-sdk | 5.0.8.sdk205-1 | 6.0.0.sdk100-1 | Medium | Fixed |
| References |
|---|
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34532 https://github.com/dotnet/announcements/issues/195 |