VulnerableCode Package Details - pkg:nuget/Microsoft.NETCore.App@2.1.1

Vulnerabilities affecting this package (8)

Vulnerability	Summary	Fixed by
VCID-3gh3-btqm-vyce Aliases: CVE-2020-1108 GHSA-3w5p-jhp5-c29q	A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.	2.1.18 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-49c7-m7j6-ekdu Aliases: CVE-2019-0564 GHSA-6px8-22w5-w334	Microsoft Security Advisory CVE-2019-0564: ASP.NET Core Denial of Service Vulnerability	2.1.7 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-511q-eymk-jub3 Aliases: CVE-2021-34485 GHSA-vgwq-hfqc-58wv	.NET Core Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET 5.0, .NET Core 3.1 and .NET Core 2.1 when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS. ### Patches * If you're using .NET 5.0, you should download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. * If you're using .NET Core 2.1, you should download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. #### Other Details - Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/196 - An Issue for this can be found at https://github.com/dotnet/runtime/issues/57174 - MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34485	2.1.29 Affected by 0 other vulnerabilities.
VCID-755q-rkfx-1bba Aliases: CVE-2019-0545 GHSA-2xjx-v99w-gqf3	Exposure of Sensitive Information in System.Net.Http An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.	2.1.7 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-gnka-3cs8-tkb6 Aliases: CVE-2018-8416 GHSA-5633-f33j-c6f7	Microsoft Security Advisory CVE-2018-8416: .NET Core Tampering Vulnerability	2.1.7 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hdtq-9szq-qqhj Aliases: CVE-2021-1721 GHSA-3gp9-h8hw-pxpw	Denial of service in .NET core .NET Core and Visual Studio Denial of Service Vulnerability due to a vulnerability which exists when creating HTTPS web request during X509 certificate chain building.	2.1.25 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-wm68-a9u8-b7cm Aliases: CVE-2020-1147 GHSA-g5vf-38cp-4px9	A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.	2.1.20 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zgvq-d1zk-cuby Aliases: CVE-2019-0657 GHSA-x5qj-9vmx-7g6g	Microsoft Security Advisory CVE-2019-0657: .NET Core Domain Spoofing Vulnerability	2.1.8 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.2 Affected by 0 other vulnerabilities.

Next non-vulnerable version	2.1.29
Latest non-vulnerable version	2.2.2
Risk	10.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T10:51:47.742944+00:00	GitLab Importer	Affected by	VCID-511q-eymk-jub3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2021-34485.yml	37.0.0
2025-08-01T10:37:27.408406+00:00	GitLab Importer	Affected by	VCID-3gh3-btqm-vyce	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2020-1108.yml	37.0.0
2025-08-01T10:34:13.641572+00:00	GitLab Importer	Affected by	VCID-wm68-a9u8-b7cm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2020-1147.yml	37.0.0
2025-08-01T10:33:12.649447+00:00	GitLab Importer	Affected by	VCID-hdtq-9szq-qqhj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2021-1721.yml	37.0.0
2025-08-01T10:27:32.354956+00:00	GitLab Importer	Affected by	VCID-755q-rkfx-1bba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2019-0545.yml	37.0.0
2025-08-01T10:27:29.677900+00:00	GitLab Importer	Affected by	VCID-49c7-m7j6-ekdu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2019-0564.yml	37.0.0
2025-08-01T10:26:19.876617+00:00	GitLab Importer	Affected by	VCID-zgvq-d1zk-cuby	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2019-0657.yml	37.0.0
2025-08-01T10:25:21.424422+00:00	GitLab Importer	Affected by	VCID-gnka-3cs8-tkb6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App/CVE-2018-8416.yml	37.0.0
2025-07-31T08:11:03.040745+00:00	RetireDotNet Importer	Affected by	VCID-zgvq-d1zk-cuby	https://github.com/RetireNet/Packages/blob/master/Content/13.json	37.0.0
2025-07-31T08:11:01.849442+00:00	RetireDotNet Importer	Affected by	VCID-49c7-m7j6-ekdu	https://github.com/RetireNet/Packages/blob/master/Content/12.json	37.0.0