VulnerableCode Package Details - pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm64@3.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-3gh3-btqm-vyce Aliases: CVE-2020-1108 GHSA-3w5p-jhp5-c29q	A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.	3.1.4 Affected by 0 other vulnerabilities.
VCID-511q-eymk-jub3 Aliases: CVE-2021-34485 GHSA-vgwq-hfqc-58wv	.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.
VCID-hdtq-9szq-qqhj Aliases: CVE-2021-1721 GHSA-3gp9-h8hw-pxpw	Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.	3.1.12 Affected by 0 other vulnerabilities. 5.0.3 Affected by 0 other vulnerabilities.
VCID-wm68-a9u8-b7cm Aliases: CVE-2020-1147 GHSA-g5vf-38cp-4px9	A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.	3.1.6 Affected by 0 other vulnerabilities.
VCID-yp87-gy7h-aqcz Aliases: CVE-2021-26423 GHSA-rh58-r7jh-xhx3	.NET Core Elevation of Privilege Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/194 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57175 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423	3.1.18 Affected by 0 other vulnerabilities. 5.0.9 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3gh3-btqm-vyce
Aliases:
CVE-2020-1108
GHSA-3w5p-jhp5-c29q

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.

3.1.4
Affected by 0 other vulnerabilities.

VCID-511q-eymk-jub3
Aliases:
CVE-2021-34485
GHSA-vgwq-hfqc-58wv

.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

VCID-hdtq-9szq-qqhj
Aliases:
CVE-2021-1721
GHSA-3gp9-h8hw-pxpw

Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.

3.1.12
Affected by 0 other vulnerabilities.

5.0.3
Affected by 0 other vulnerabilities.

VCID-wm68-a9u8-b7cm
Aliases:
CVE-2020-1147
GHSA-g5vf-38cp-4px9

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

3.1.6
Affected by 0 other vulnerabilities.

VCID-yp87-gy7h-aqcz
Aliases:
CVE-2021-26423
GHSA-rh58-r7jh-xhx3

.NET Core Elevation of Privilege Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A denial of service vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/194 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57175 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26423

3.1.18
Affected by 0 other vulnerabilities.

5.0.9
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-02T12:44:04.001090+00:00	GHSA Importer	Affected by	VCID-wm68-a9u8-b7cm	https://github.com/advisories/GHSA-g5vf-38cp-4px9	37.0.0
2025-08-02T12:43:58.669799+00:00	GHSA Importer	Affected by	VCID-3gh3-btqm-vyce	https://github.com/advisories/GHSA-3w5p-jhp5-c29q	37.0.0
2025-08-02T09:13:03.418803+00:00	GitLab Importer	Affected by	VCID-yp87-gy7h-aqcz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2021-26423.yml	37.0.0
2025-08-02T09:12:58.193275+00:00	GitLab Importer	Affected by	VCID-511q-eymk-jub3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2021-34485.yml	37.0.0
2025-08-02T09:11:04.908701+00:00	GitLab Importer	Affected by	VCID-wm68-a9u8-b7cm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2020-1147.yml	37.0.0
2025-08-02T09:10:36.041057+00:00	GitLab Importer	Affected by	VCID-hdtq-9szq-qqhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2021-1721.yml	37.0.0
2025-08-02T09:10:31.751282+00:00	GitLab Importer	Affected by	VCID-3gh3-btqm-vyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2020-1108.yml	37.0.0
2025-07-31T12:35:56.085298+00:00	GHSA Importer	Affected by	VCID-yp87-gy7h-aqcz	https://github.com/advisories/GHSA-rh58-r7jh-xhx3	37.0.0
2025-07-31T12:35:51.396630+00:00	GHSA Importer	Affected by	VCID-511q-eymk-jub3	https://github.com/advisories/GHSA-vgwq-hfqc-58wv	37.0.0
2025-07-31T12:33:45.084751+00:00	GHSA Importer	Affected by	VCID-hdtq-9szq-qqhj	https://github.com/advisories/GHSA-3gp9-h8hw-pxpw	37.0.0