VulnerableCode Package Details - pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-4rcu-jd6x-ufeu Aliases: CVE-2021-26423 GHSA-rh58-r7jh-xhx3	.NET Core Elevation of Privilege Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/194 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57175 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.
VCID-757k-8968-xkbx Aliases: CVE-2021-1721 GHSA-3gp9-h8hw-pxpw	Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.	3.1.12 Affected by 0 other vulnerabilities. 5.0.3 Affected by 0 other vulnerabilities.
VCID-du1r-hgyq-z7c7 Aliases: CVE-2021-34485 GHSA-vgwq-hfqc-58wv	.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.
VCID-v2z1-w1v6-4ufg Aliases: CVE-2020-1108 GHSA-3w5p-jhp5-c29q	A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.	3.1.4 Affected by 0 other vulnerabilities.
VCID-zy2q-8hz7-s7br Aliases: CVE-2020-1147 GHSA-g5vf-38cp-4px9	A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.	3.1.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4rcu-jd6x-ufeu
Aliases:
CVE-2021-26423
GHSA-rh58-r7jh-xhx3

.NET Core Elevation of Privilege Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/194 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57175 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

VCID-757k-8968-xkbx
Aliases:
CVE-2021-1721
GHSA-3gp9-h8hw-pxpw

Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.

3.1.12
Affected by 0 other vulnerabilities.

5.0.3
Affected by 0 other vulnerabilities.

VCID-du1r-hgyq-z7c7
Aliases:
CVE-2021-34485
GHSA-vgwq-hfqc-58wv

.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

VCID-v2z1-w1v6-4ufg
Aliases:
CVE-2020-1108
GHSA-3w5p-jhp5-c29q

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

3.1.4
Affected by 0 other vulnerabilities.

VCID-zy2q-8hz7-s7br
Aliases:
CVE-2020-1147
GHSA-g5vf-38cp-4px9

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

3.1.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:32:40.072551+00:00	GHSA Importer	Affected by	VCID-zy2q-8hz7-s7br	https://github.com/advisories/GHSA-g5vf-38cp-4px9	38.1.0
2026-04-04T14:32:35.335500+00:00	GHSA Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://github.com/advisories/GHSA-3w5p-jhp5-c29q	38.1.0
2026-04-03T21:28:11.426069+00:00	GitLab Importer	Affected by	VCID-4rcu-jd6x-ufeu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x64/CVE-2021-26423.yml	38.1.0
2026-04-03T21:28:08.280780+00:00	GitLab Importer	Affected by	VCID-du1r-hgyq-z7c7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x64/CVE-2021-34485.yml	38.1.0
2026-04-03T21:27:02.979301+00:00	GitLab Importer	Affected by	VCID-757k-8968-xkbx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x64/CVE-2021-1721.yml	38.1.0
2026-04-03T21:26:37.537319+00:00	GitLab Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x64/CVE-2020-1108.yml	38.1.0
2026-04-03T21:26:30.799154+00:00	GitLab Importer	Affected by	VCID-zy2q-8hz7-s7br	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x64/CVE-2020-1147.yml	38.1.0
2026-04-01T16:03:53.108706+00:00	GHSA Importer	Affected by	VCID-4rcu-jd6x-ufeu	https://github.com/advisories/GHSA-rh58-r7jh-xhx3	38.0.0
2026-04-01T16:03:49.282274+00:00	GHSA Importer	Affected by	VCID-du1r-hgyq-z7c7	https://github.com/advisories/GHSA-vgwq-hfqc-58wv	38.0.0
2026-04-01T16:01:59.896662+00:00	GHSA Importer	Affected by	VCID-757k-8968-xkbx	https://github.com/advisories/GHSA-3gp9-h8hw-pxpw	38.0.0