Log

AVG-2278 created at 11 Aug 2021 06:31:11
Packages
+ dotnet-runtime-3.1
+ dotnet-sdk-3.1
Issues
+ CVE-2021-26423
+ CVE-2021-34485
+ CVE-2021-34532
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 5.0.8.sdk205-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34532 edited at 11 Aug 2021 06:30:32
Remote
- Remote
+ Local
References
+ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34532
https://github.com/dotnet/announcements/issues/195
Notes
CVE-2021-34485 edited at 11 Aug 2021 06:30:08
References
+ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485
https://github.com/dotnet/announcements/issues/196
CVE-2021-26423 edited at 11 Aug 2021 06:29:47
References
+ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423
https://github.com/dotnet/announcements/issues/194
CVE-2021-34485 edited at 11 Aug 2021 06:27:38
Remote
- Remote
+ Local
Description
- An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
+ An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions.
References
- https://github.com/dotnet/announcements/issues/195
+ https://github.com/dotnet/announcements/issues/196
CVE-2021-34532 edited at 11 Aug 2021 06:26:28
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
References
+ https://github.com/dotnet/announcements/issues/195
CVE-2021-34485 edited at 11 Aug 2021 06:25:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where a JWT token is logged if it cannot be parsed.
References
+ https://github.com/dotnet/announcements/issues/195
Notes
AVG-2277 edited at 11 Aug 2021 06:23:41
Severity
- Unknown
+ Medium
CVE-2021-26423 edited at 11 Aug 2021 06:23:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.9 and SDK 5.0.206 as well as .NET Core 3.1 before Runtime 3.1.18 and SDK 3.1.118 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame.
References
+ https://github.com/dotnet/announcements/issues/194
Notes
AVG-2277 created at 11 Aug 2021 06:19:38
Packages
+ dotnet-runtime
+ dotnet-sdk
Issues
+ CVE-2021-26423
+ CVE-2021-34485
+ CVE-2021-34532
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.0.8.sdk205-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34532 created at 11 Aug 2021 06:19:38
CVE-2021-34485 created at 11 Aug 2021 06:19:38