VulnerableCode Package Details - pkg:nuget/Microsoft.AspNetCore.Mvc.Cors@1.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-axvm-3dh9-3kf6 Aliases: CVE-2017-0247 GHSA-6xh7-4v2w-36q6	Improper Input Validation A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.	1.0.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.1.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-b2mg-kc6t-z7ht Aliases: CVE-2017-0256 GHSA-j8f4-2w4p-mhjc	Improper Input Validation A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.	1.0.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.1.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-bmf7-rsbm-3fb1 Aliases: CVE-2017-8700 GHSA-3rp6-rjw4-cq39	Microsoft Security Advisory CVE-2017-8700: CORS bypass can enable Information Disclosure	1.0.6 Affected by 0 other vulnerabilities. 1.1.5 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.1.6 Affected by 0 other vulnerabilities.
VCID-j4d8-wr24-63d3 Aliases: CVE-2017-0248 GHSA-ch6p-4jcm-h8vh	Improper Certificate Validation Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."	1.0.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.1.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-mrpr-pw4n-bfae Aliases: CVE-2017-0249 GHSA-qhqf-ghgh-x2m4	Improper Input Validation An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.	1.0.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.1.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-axvm-3dh9-3kf6
Aliases:
CVE-2017-0247
GHSA-6xh7-4v2w-36q6

Improper Input Validation A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.

1.0.4
Affected by 1 other vulnerability.

1.1.3
Affected by 1 other vulnerability.

VCID-b2mg-kc6t-z7ht
Aliases:
CVE-2017-0256
GHSA-j8f4-2w4p-mhjc

Improper Input Validation A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

1.0.4
Affected by 1 other vulnerability.

1.1.3
Affected by 1 other vulnerability.

VCID-bmf7-rsbm-3fb1
Aliases:
CVE-2017-8700
GHSA-3rp6-rjw4-cq39

Microsoft Security Advisory CVE-2017-8700: CORS bypass can enable Information Disclosure

1.0.6
Affected by 0 other vulnerabilities.

1.1.5
Affected by 1 other vulnerability.

1.1.6
Affected by 0 other vulnerabilities.

VCID-j4d8-wr24-63d3
Aliases:
CVE-2017-0248
GHSA-ch6p-4jcm-h8vh

Improper Certificate Validation Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

1.0.4
Affected by 1 other vulnerability.

1.1.3
Affected by 1 other vulnerability.

VCID-mrpr-pw4n-bfae
Aliases:
CVE-2017-0249
GHSA-qhqf-ghgh-x2m4

Improper Input Validation An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

1.0.4
Affected by 1 other vulnerability.

1.1.3
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:49:04.271054+00:00	GitLab Importer	Affected by	VCID-bmf7-rsbm-3fb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-8700.yml	38.4.0
2026-04-16T20:48:45.268830+00:00	GitLab Importer	Affected by	VCID-mrpr-pw4n-bfae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0249.yml	38.4.0
2026-04-16T20:48:34.568267+00:00	GitLab Importer	Affected by	VCID-axvm-3dh9-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0247.yml	38.4.0
2026-04-16T20:48:14.052494+00:00	GitLab Importer	Affected by	VCID-b2mg-kc6t-z7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0256.yml	38.4.0
2026-04-16T20:48:08.923377+00:00	GitLab Importer	Affected by	VCID-j4d8-wr24-63d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0248.yml	38.4.0
2026-04-11T23:05:04.586754+00:00	GitLab Importer	Affected by	VCID-bmf7-rsbm-3fb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-8700.yml	38.3.0
2026-04-11T21:59:40.876858+00:00	GitLab Importer	Affected by	VCID-mrpr-pw4n-bfae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0249.yml	38.3.0
2026-04-11T21:59:29.765031+00:00	GitLab Importer	Affected by	VCID-axvm-3dh9-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0247.yml	38.3.0
2026-04-11T21:59:05.540617+00:00	GitLab Importer	Affected by	VCID-b2mg-kc6t-z7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0256.yml	38.3.0
2026-04-11T21:59:00.768458+00:00	GitLab Importer	Affected by	VCID-j4d8-wr24-63d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0248.yml	38.3.0
2026-04-02T23:13:21.198039+00:00	GitLab Importer	Affected by	VCID-bmf7-rsbm-3fb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-8700.yml	38.1.0
2026-04-02T22:12:52.241339+00:00	GitLab Importer	Affected by	VCID-mrpr-pw4n-bfae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0249.yml	38.1.0
2026-04-02T22:12:41.128232+00:00	GitLab Importer	Affected by	VCID-axvm-3dh9-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0247.yml	38.1.0
2026-04-02T22:12:23.859972+00:00	GitLab Importer	Affected by	VCID-b2mg-kc6t-z7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0256.yml	38.1.0
2026-04-02T22:12:19.041933+00:00	GitLab Importer	Affected by	VCID-j4d8-wr24-63d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0248.yml	38.1.0
2026-04-01T17:33:19.531463+00:00	GitLab Importer	Affected by	VCID-bmf7-rsbm-3fb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-8700.yml	38.0.0
2026-04-01T16:30:16.283046+00:00	GitLab Importer	Affected by	VCID-mrpr-pw4n-bfae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0249.yml	38.0.0
2026-04-01T16:30:05.094838+00:00	GitLab Importer	Affected by	VCID-axvm-3dh9-3kf6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0247.yml	38.0.0
2026-04-01T16:29:46.897847+00:00	GitLab Importer	Affected by	VCID-b2mg-kc6t-z7ht	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0256.yml	38.0.0
2026-04-01T16:29:42.219495+00:00	GitLab Importer	Affected by	VCID-j4d8-wr24-63d3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.AspNetCore.Mvc.Cors/CVE-2017-0248.yml	38.0.0
2026-04-01T12:38:29.160032+00:00	RetireDotNet Importer	Affected by	VCID-bmf7-rsbm-3fb1	https://github.com/RetireNet/Packages/blob/master/Content/2.json	38.0.0