dotnet-sdk

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description The .NET Core SDK
Version 5.0.7.sdk204-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1944 5.0.5.sdk202-1 5.0.6.sdk203-1 Medium Fixed
AVG-1698 5.0.3.sdk103-2 5.0.4.sdk104-1 High Fixed FS#69317
AVG-1449 3.1.8.sdk108-1 5.0.3.sdk103-2 High Fixed FS#69317
Issue Group Severity Remote Type Description
CVE-2021-31204 AVG-1944 Medium No Privilege escalation
An elevation of privilege vulnerability exists in .NET 5.0 and .NET Core 3.1 when a user runs a single file application on operating systems based on Linux...
CVE-2021-26701 AVG-1698 High Yes Arbitrary code execution
A remote code execution vulnerability exists in .NET 5.0 before Runtime 5.0.4 and SDK 5.0.104 as well as .NET Core 3.1 before Runtime 3.1.13 and SDK 3.1.113...
CVE-2021-24112 AVG-1449 High No Arbitrary code execution
A remote code execution vulnerability exists in dotnet-core before version 3.1.12 when parsing certain types of graphics files. This vulnerability only...
CVE-2021-1723 AVG-1449 Medium Yes Denial of service
A flaw was found in dotnet-core before version 3.1.11. Running callbacks outside of locks results in Krestel deadlock using HTTP2.
CVE-2021-1721 AVG-1449 Medium Yes Denial of service
A security issue was found in dotnet-core before version 3.1.12. A denial-of-service vulnerability exists when creating HTTPS web request during X509...

Advisories

Date Advisory Group Severity Type
25 May 2021 ASA-202105-20 AVG-1944 Medium privilege escalation
25 Mar 2021 ASA-202103-21 AVG-1698 High arbitrary code execution
25 Mar 2021 ASA-202103-17 AVG-1449 High multiple issues