CVE-2021-34532 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
Group Package Affected Fixed Severity Status Ticket
AVG-2278 dotnet-runtime-3.1, dotnet-sdk-3.1 3.1.17.sdk117-1 Medium Vulnerable
AVG-2277 dotnet-runtime, dotnet-sdk 5.0.8.sdk205-1 Medium Vulnerable
References
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34532
https://github.com/dotnet/announcements/issues/195