dotnet-sdk

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	The .NET Core SDK
Version	5.0.7.sdk204-1 [community]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1944	5.0.5.sdk202-1	5.0.6.sdk203-1	Medium	Fixed
AVG-1698	5.0.3.sdk103-2	5.0.4.sdk104-1	High	Fixed	FS#69317
AVG-1449	3.1.8.sdk108-1	5.0.3.sdk103-2	High	Fixed	FS#69317

Issue	Group	Severity	Remote	Type	Description
CVE-2021-31204	AVG-1944	Medium	No	Privilege escalation	An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux...
CVE-2021-26701	AVG-1698	High	Yes	Arbitrary code execution	A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113...
CVE-2021-24112	AVG-1449	High	No	Arbitrary code execution	A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only...
CVE-2021-1723	AVG-1449	Medium	Yes	Denial of service	A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2.
CVE-2021-1721	AVG-1449	Medium	Yes	Denial of service	A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509...

Advisories

Date	Advisory	Group	Severity	Type
25 May 2021	ASA-202105-20	AVG-1944	Medium	privilege escalation
25 Mar 2021	ASA-202103-21	AVG-1698	High	arbitrary code execution
25 Mar 2021	ASA-202103-17	AVG-1449	High	multiple issues