VulnerableCode Package Details - pkg:nuget/Microsoft.AspNetCore.All@3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-53rf-vsb2-aaak Aliases: CVE-2021-43877	Improper Privilege Management ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability	There are no reported fixed by versions.
VCID-63fu-pwhf-aaaf Aliases: CVE-2020-0602 GHSA-23cv-jh4v-vffm	Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.	3.1.1 Affected by 0 other vulnerabilities.
VCID-8q71-vev8-aaar Aliases: CVE-2021-1723 GHSA-242j-2gm6-5rwx	Improper Input Validation ASP.NET Core and Visual Studio Denial of Service Vulnerability	3.1.11 Affected by 0 other vulnerabilities. 5.0.2 Affected by 0 other vulnerabilities.
VCID-bsmn-prby-aaan Aliases: CVE-2020-1597 GHSA-f8qx-mjcq-wfgx	Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.	3.1.7 Affected by 0 other vulnerabilities.
VCID-c413-2csk-aaam Aliases: CVE-2020-0603 GHSA-655q-9gvg-q4cm	Out-of-bounds Write A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.	3.1.1 Affected by 0 other vulnerabilities.
VCID-kkya-n1n5-aaaq Aliases: CVE-2020-1161 GHSA-3cf7-7wq6-8842	Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.	3.1.4 Affected by 0 other vulnerabilities.
VCID-rcjn-7ufv-aaag Aliases: CVE-2020-1045 GHSA-hxrm-9w7p-39cc	Improper Input Validation A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.	3.1.8 Affected by 0 other vulnerabilities.
VCID-zrxn-gnee-aaad Aliases: CVE-2021-34532 GHSA-q7cg-43mg-qp69	ASP.NET Core Information Disclosure Vulnerability	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-53rf-vsb2-aaak
Aliases:
CVE-2021-43877

Improper Privilege Management ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

There are no reported fixed by versions.

VCID-63fu-pwhf-aaaf
Aliases:
CVE-2020-0602
GHSA-23cv-jh4v-vffm

Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

3.1.1
Affected by 0 other vulnerabilities.

VCID-8q71-vev8-aaar
Aliases:
CVE-2021-1723
GHSA-242j-2gm6-5rwx

Improper Input Validation ASP.NET Core and Visual Studio Denial of Service Vulnerability

3.1.11
Affected by 0 other vulnerabilities.

5.0.2
Affected by 0 other vulnerabilities.

VCID-bsmn-prby-aaan
Aliases:
CVE-2020-1597
GHSA-f8qx-mjcq-wfgx

Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

3.1.7
Affected by 0 other vulnerabilities.

VCID-c413-2csk-aaam
Aliases:
CVE-2020-0603
GHSA-655q-9gvg-q4cm

Out-of-bounds Write A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.

3.1.1
Affected by 0 other vulnerabilities.

VCID-kkya-n1n5-aaaq
Aliases:
CVE-2020-1161
GHSA-3cf7-7wq6-8842

Improper Input Validation A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.

3.1.4
Affected by 0 other vulnerabilities.

VCID-rcjn-7ufv-aaag
Aliases:
CVE-2020-1045
GHSA-hxrm-9w7p-39cc

Improper Input Validation A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded. The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'.

3.1.8
Affected by 0 other vulnerabilities.

VCID-zrxn-gnee-aaad
Aliases:
CVE-2021-34532
GHSA-q7cg-43mg-qp69

ASP.NET Core Information Disclosure Vulnerability

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

purl	pkg:nuget/Microsoft.AspNetCore.All@3.1
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.5