VulnerableCode Package Details - pkg:alpm/archlinux/dotnet-sdk@5.0.3.sdk103-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-2nh7-xymy-c3ep Aliases: CVE-2021-26701 GHSA-ghhp-997w-qr28	.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. ### Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed. ### Discussion Discussion for this issue can be found at dotnet/runtime#49377 ### Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ### Affected software The vulnerable package is `System.Text.Encodings.Web` . Upgrading your package and redeploying your app should be sufficient to address this vulnerability. Vulnerable package versions: Any .NET 5, .NET Core, or .NET Framework based application that uses the System.Text.Encodings.Web package with a vulnerable version listed below. Package Name \| Vulnerable Versions \| Secure Versions -\|-\|- System.Text.Encodings.Web \| 4.0.0 - 4.5.0 \| 4.5.1 System.Text.Encodings.Web \| 4.6.0-4.7.1 \| 4.7.2 System.Text.Encodings.Web \| 5.0.0 \| 5.0.1 Please validate that each of the .NET versions you are using is in support. Security updates are only provided for supported .NET versions.	5.0.4.sdk104-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2nh7-xymy-c3ep
Aliases:
CVE-2021-26701
GHSA-ghhp-997w-qr28

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. ### Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed. ### Discussion Discussion for this issue can be found at dotnet/runtime#49377 ### Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ### Affected software The vulnerable package is `System.Text.Encodings.Web` . Upgrading your package and redeploying your app should be sufficient to address this vulnerability. Vulnerable package versions: Any .NET 5, .NET Core, or .NET Framework based application that uses the System.Text.Encodings.Web package with a vulnerable version listed below. Package Name | Vulnerable Versions | Secure Versions -|-|- System.Text.Encodings.Web | 4.0.0 - 4.5.0 | 4.5.1 System.Text.Encodings.Web | 4.6.0-4.7.1 | 4.7.2 System.Text.Encodings.Web | 5.0.0 | 5.0.1 Please validate that each of the .NET versions you are using is in support. Security updates are only provided for supported .NET versions.

5.0.4.sdk104-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hdtq-9szq-qqhj	Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.	CVE-2021-1721 GHSA-3gp9-h8hw-pxpw
VCID-kcqj-963x-43cx	.NET Core Remote Code Execution Vulnerability A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on MacOS or Linux. This CVE ID is unique from CVE-2021-26701.	CVE-2021-24112 GHSA-rxg9-xrhp-64gj
VCID-th31-3ubb-puf5	ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.	CVE-2021-1723 GHSA-242j-2gm6-5rwx

Vulnerability

Summary

Aliases

VCID-hdtq-9szq-qqhj

Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.

CVE-2021-1721
GHSA-3gp9-h8hw-pxpw

VCID-kcqj-963x-43cx

.NET Core Remote Code Execution Vulnerability A remote code execution vulnerability exists when parsing certain types of graphics files. This vulnerability only exists on systems running on MacOS or Linux. This CVE ID is unique from CVE-2021-26701.

CVE-2021-24112
GHSA-rxg9-xrhp-64gj

VCID-th31-3ubb-puf5

ASP.NET Core and Visual Studio Denial of Service Vulnerability A denial-of-service vulnerability exists in the way Kestrel parses HTTP/2 requests. The security update addresses the vulnerability by fixing the way the Kestrel parses HTTP/2 requests. Users are advised to upgrade.

CVE-2021-1723
GHSA-242j-2gm6-5rwx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-11T12:37:36.617851+00:00	Arch Linux Importer	Fixing	VCID-hdtq-9szq-qqhj	https://security.archlinux.org/AVG-1449	37.0.0
2025-08-11T12:37:36.588571+00:00	Arch Linux Importer	Fixing	VCID-th31-3ubb-puf5	https://security.archlinux.org/AVG-1449	37.0.0
2025-08-11T12:37:36.559004+00:00	Arch Linux Importer	Fixing	VCID-kcqj-963x-43cx	https://security.archlinux.org/AVG-1449	37.0.0
2025-08-11T12:37:36.520149+00:00	Arch Linux Importer	Affected by	VCID-2nh7-xymy-c3ep	https://security.archlinux.org/AVG-1698	37.0.0