Version 2.2.8

Microsoft.NETCore.App

A set of .NET API's that are included in the default .NET Core application model. b9aa1abc510165cdc4c92e59d938def6f3eee0e1 When using NuGet 3.x this package requires at least version 3.4.

Install Instructions

dotnet add package Microsoft.NETCore.App
Language C#
Package URL (purl) pkg:nuget/Microsoft.NETCore.App@2.2.8

Find Microsoft.NETCore.App vulnerabilities in your supply chain.

Scan for Free

Microsoft.NETCore.App Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2018-8416 Medium 6.5 0.00138 0.50691
  • 2.1.0–2.1.6
CVE-2019-0545 High 7.5 CWE-200 0.0166 0.88116
  • 2.1.0–2.2.0
CVE-2019-0564 High 7.5 CWE-19 0.00445 0.75705
  • 2.1.0–2.2.0
CVE-2019-0657 Medium 5.9 CWE-20 0.00206 0.59343
  • 2.1.0–2.2.1
CVE-2019-0815 High 7.5 CWE-19 0.00104 0.44139
  • 2.0.0–2.2.0-preview3-27014-02
  • 1.0.0–1.1.13
CVE-2019-0982 High 7.5 CWE-19 0.00138 0.50696
  • 2.1.0–2.2.4
CVE-2019-1075 Medium 6.1 CWE-601 0.00198 0.58441
  • 2.1.0–2.2.5
CVE-2020-0602 High 7.5 CWE-400 0.00257 0.65869
  • 2.1.0–2.1.14
CVE-2020-0603 High 8.8 CWE-119, CWE-787 0.02374 0.9021
  • 2.1.0–2.1.14
CVE-2020-1045 High 7.5 CWE-358 0.0037 0.73376
  • 2.0.0–2.1.21
  • 1.0.0–1.1.13
CVE-2020-1108 High 7.5 CWE-400 0.00144 0.51542
  • 2.1.0–2.1.17
CVE-2020-1147 High 7.8 CWE-94 0.91129 0.99003
  • 2.0.0–2.1.19
  • 1.0.0–1.1.13
CVE-2020-1597 High 7.5 CWE-20 0.01503 0.87454
  • 2.1.0–2.1.20
CVE-2021-1721 Medium 6.5 CWE-400 0.0029 0.69777
  • 2.1.0–2.1.24
CVE-2021-34485 Medium 5 CWE-117 0.00095 0.41646
  • 2.1.0–2.1.28
CVE-2018-0784 High 8.8 CWE-269 0.00506 0.77202
  • 2.0.0–2.1.3
CVE-2018-0785 Medium 6.5 CWE-352 0.00255 0.65731
  • 2.0.0–2.1.3
CVE-2017-11770 High 7.5 CWE-295 0.02606 0.90673
  • 2.0.0–2.0.0-preview2-25407-01
  • 1.0.0–1.1.13
CVE-2017-8585 High 7.5 CWE-20 0.00928 0.83597
  • 2.0.0-preview1-002111-00–2.0.0-preview2-25407-01
  • 1.0.0–1.1.13
CVE-2018-0808 High 7.5 CWE-400 0.003 0.70258
  • 2.0.0-preview1-002111-00–2.0.0-preview2-25407-01
  • 1.0.0–1.1.13
CVE-2018-0875 High 7.5 CWE-400 0.00448 0.75787
  • 2.0.0–2.0.5
  • 1.0.0–1.1.13
CVE-2018-0764 High 7.5 CWE-400 0.0041 0.74619
  • 2.0.0–2.0.4
  • 1.0.0–1.1.5

Microsoft.NETCore.App Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2021-34485 .NET Core and Visual Studio Information Disclosure Vulnerability 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2021-1721 .NET Core and Visual Studio Denial of Service Vulnerability 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2020-1597 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2020-1147 A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.0-preview1-26216-03, 2.1.1, 2.0.0-preview1-002111-00, 2.0.0, 1.1.2 (Show all) Minor → 2.2.6
CVE-2020-1108 A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2020-1045 A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names., aka 'Microsoft ASP.NET Core Security Feature Bypass Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.0-preview1-26216-03, 2.1.1, 2.0.0-preview1-002111-00, 2.0.0, 1.1.2 (Show all) Minor → 2.2.6
CVE-2020-0603 A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2020-0602 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.1.10 (Show all) Minor → 2.2.6
CVE-2019-1075 A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.2.0 (Show all) Minor → 2.2.6
CVE-2019-0982 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.2.0 (Show all) Minor → 2.2.6
CVE-2019-0815 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.0-preview1-26216-03, 2.1.1, 2.0.0-preview1-002111-00, 2.0.0, 1.1.2 (Show all) Minor → 2.2.6
CVE-2019-0657 A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.2.0 (Show all) Minor → 2.2.6
CVE-2019-0564 A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.2.0 Minor → 2.2.6
CVE-2019-0545 An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5, 2.2.0 Minor → 2.2.6
CVE-2018-8416 A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. 2.1.4, 2.1.3, 2.1.2, 2.1.1, 2.1.0, 2.1.6, 2.1.5 Minor → 2.2.6
CVE-2018-0875 .NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability". 2.0.0-preview1-002111-00, 2.0.0, 1.1.2, 1.1.10, 2.0.3, 1.0.7, 1.1.1, 1.1.0-preview1-001100-00 (Show all) Major → 2.2.6
CVE-2018-0808 ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. 2.0.0-preview1-002111-00, 1.1.2, 1.1.10, 1.0.7, 1.1.1, 1.1.0-preview1-001100-00, 1.1.0, 1.0.5-servicing-004880-00 (Show all) Major → 2.2.6
CVE-2018-0785 ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". 2.1.3, 2.1.2, 2.1.0-preview1-26216-03, 2.1.1, 2.0.0, 2.0.3, 2.1.0, 2.1.0-rc1 (Show all) Minor → 2.2.6
CVE-2018-0784 ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. 2.1.3, 2.1.2, 2.1.0-preview1-26216-03, 2.1.1, 2.0.0, 2.0.3, 2.1.0, 2.1.0-rc1 (Show all) Minor → 2.2.6
CVE-2018-0764 Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. 2.0.0, 1.1.2, 2.0.3, 1.0.7, 1.1.1, 1.1.0, 1.0.5-servicing-004880-00, 1.0.5 (Show all) Minor → 2.2.6
CVE-2017-8585 Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. 2.0.0-preview1-002111-00, 1.1.2, 1.1.10, 1.1.1, 1.1.0-preview1-001100-00, 1.1.0, 1.0.5-servicing-004880-00, 1.0.5 (Show all) Major → 2.2.6
CVE-2017-11770 .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". 2.0.0-preview1-002111-00, 2.0.0, 1.1.2, 1.1.10, 1.0.7, 1.1.1, 1.1.0-preview1-001100-00, 1.1.0 (Show all) Major → 2.2.6

Instantly see if these Microsoft.NETCore.App vulnerabilities affect your code.

Scan for Free