VulnerableCode Package Details - pkg:nuget/Microsoft.AspNetCore.All@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9zu6-5d4v-f3ht Aliases: CVE-2020-0603 GHSA-655q-9gvg-q4cm	Microsoft Security Advisory CVE-2020-0603 : ASP.NET Core Remote Code Execution Vulnerability	3.1.1 Affected by 0 other vulnerabilities.
VCID-aqyy-zs6z-v7ar Aliases: CVE-2021-34532 GHSA-q7cg-43mg-qp69	Exposure of Sensitive Information to an Unauthorized Actor The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information.	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.
VCID-caba-95ag-9yf8 Aliases: CVE-2021-43877	Improper Privilege Management ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability	There are no reported fixed by versions.
VCID-fm28-azef-buh6 Aliases: CVE-2020-0602 GHSA-23cv-jh4v-vffm	Denial of service in ASP.NET Core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.	3.1.1 Affected by 0 other vulnerabilities.
VCID-j761-wgke-97d8 Aliases: CVE-2020-1597 GHSA-f8qx-mjcq-wfgx	A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka `ASP.NET Core Denial of Service Vulnerability`.	3.1.7 Affected by 0 other vulnerabilities.
VCID-n3cs-wjun-vfhe Aliases: CVE-2020-1045 GHSA-hxrm-9w7p-39cc	Cookie parsing failure A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.	3.1.8 Affected by 0 other vulnerabilities.
VCID-nx74-pj4e-4fde Aliases: CVE-2021-1723 GHSA-242j-2gm6-5rwx	ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.	3.1.11 Affected by 0 other vulnerabilities. 5.0.2 Affected by 0 other vulnerabilities.
VCID-puaf-7ge8-nbhg Aliases: CVE-2020-1161 GHSA-3cf7-7wq6-8842	A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.	3.1.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9zu6-5d4v-f3ht
Aliases:
CVE-2020-0603
GHSA-655q-9gvg-q4cm

Microsoft Security Advisory CVE-2020-0603 : ASP.NET Core Remote Code Execution Vulnerability

3.1.1
Affected by 0 other vulnerabilities.

VCID-aqyy-zs6z-v7ar
Aliases:
CVE-2021-34532
GHSA-q7cg-43mg-qp69

Exposure of Sensitive Information to an Unauthorized Actor The type of information that could be disclosed if an attacker successfully exploited this vulnerability is data inside the targeted website like IDs, tokens, nonces, and other sensitive information.

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

VCID-caba-95ag-9yf8
Aliases:
CVE-2021-43877

Improper Privilege Management ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

There are no reported fixed by versions.

VCID-fm28-azef-buh6
Aliases:
CVE-2020-0602
GHSA-23cv-jh4v-vffm

Denial of service in ASP.NET Core A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

3.1.1
Affected by 0 other vulnerabilities.

VCID-j761-wgke-97d8
Aliases:
CVE-2020-1597
GHSA-f8qx-mjcq-wfgx

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka `ASP.NET Core Denial of Service Vulnerability`.

3.1.7
Affected by 0 other vulnerabilities.

VCID-n3cs-wjun-vfhe
Aliases:
CVE-2020-1045
GHSA-hxrm-9w7p-39cc

Cookie parsing failure A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.

3.1.8
Affected by 0 other vulnerabilities.

VCID-nx74-pj4e-4fde
Aliases:
CVE-2021-1723
GHSA-242j-2gm6-5rwx

ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

3.1.11
Affected by 0 other vulnerabilities.

5.0.2
Affected by 0 other vulnerabilities.

VCID-puaf-7ge8-nbhg
Aliases:
CVE-2020-1161
GHSA-3cf7-7wq6-8842

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

3.1.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:37:50.472730+00:00	GitLab Importer	Affected by	VCID-nx74-pj4e-4fde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2021-1723.yml	38.0.0
2026-04-02T12:37:18.983309+00:00	GitLab Importer	Affected by	VCID-n3cs-wjun-vfhe	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2020-1045.yml	38.0.0
2026-04-02T12:37:00.415684+00:00	GitLab Importer	Affected by	VCID-j761-wgke-97d8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2020-1597.yml	38.0.0
2026-04-02T12:36:45.823894+00:00	GitLab Importer	Affected by	VCID-puaf-7ge8-nbhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2020-1161.yml	38.0.0
2026-04-02T12:36:18.486519+00:00	GitLab Importer	Affected by	VCID-9zu6-5d4v-f3ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2020-0603.yml	38.0.0
2026-04-02T12:36:18.436306+00:00	GitLab Importer	Affected by	VCID-fm28-azef-buh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2020-0602.yml	38.0.0
2026-04-01T12:49:10.978009+00:00	GitLab Importer	Affected by	VCID-caba-95ag-9yf8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2021-43877.yml	38.0.0
2026-04-01T12:48:39.386135+00:00	GitLab Importer	Affected by	VCID-aqyy-zs6z-v7ar	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.All/CVE-2021-34532.yml	38.0.0