VulnerableCode Package Details - pkg:nuget/Microsoft.AspNet.Mvc@1.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-axvm-3dh9-3kf6 Aliases: CVE-2017-0247 GHSA-6xh7-4v2w-36q6	Improper Input Validation A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.	1.1.3 Affected by 0 other vulnerabilities.
VCID-b2mg-kc6t-z7ht Aliases: CVE-2017-0256 GHSA-j8f4-2w4p-mhjc	Improper Input Validation A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.	3.0.20105.1 Affected by 0 other vulnerabilities.
VCID-mrpr-pw4n-bfae Aliases: CVE-2017-0249 GHSA-qhqf-ghgh-x2m4	Improper Input Validation An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.	3.0.20105.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-axvm-3dh9-3kf6
Aliases:
CVE-2017-0247
GHSA-6xh7-4v2w-36q6

Improper Input Validation A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

1.1.3
Affected by 0 other vulnerabilities.

VCID-b2mg-kc6t-z7ht
Aliases:
CVE-2017-0256
GHSA-j8f4-2w4p-mhjc

Improper Input Validation A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

3.0.20105.1
Affected by 0 other vulnerabilities.

VCID-mrpr-pw4n-bfae
Aliases:
CVE-2017-0249
GHSA-qhqf-ghgh-x2m4

Improper Input Validation An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

3.0.20105.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:47:14.244790+00:00	GitLab Importer	Affected by	VCID-axvm-3dh9-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNet.Mvc/CVE-2017-0247.yml	38.0.0
2026-04-01T12:47:14.208736+00:00	GitLab Importer	Affected by	VCID-b2mg-kc6t-z7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNet.Mvc/CVE-2017-0256.yml	38.0.0
2026-04-01T12:47:14.086114+00:00	GitLab Importer	Affected by	VCID-mrpr-pw4n-bfae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNet.Mvc/CVE-2017-0249.yml	38.0.0