GHSA-prrf-397v-83xh

Suggest an improvement
Source
https://github.com/advisories/GHSA-prrf-397v-83xh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-prrf-397v-83xh
Aliases
Published
2022-05-24T16:50:19Z
Modified
2023-11-01T04:50:08.436001Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Open redirect in ASP.NET Core
Details

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.

Database specific 
{
    "github_reviewed": true,
    "nvd_published_at": "2019-07-15T19:15:00Z",
    "github_reviewed_at": "2022-07-07T23:23:59Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-601"
    ]
}
References

Affected packages

NuGet
Microsoft.AspNetCore.App

Package

Name
Microsoft.AspNetCore.App
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.6

Affected versions

2.*
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.App

Package

Name
Microsoft.AspNetCore.App
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.12

Affected versions

2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.All

Package

Name
Microsoft.AspNetCore.All
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.6

Affected versions

2.*
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.All

Package

Name
Microsoft.AspNetCore.All
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.12

Affected versions

2.*
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.Server.IIS

Package

Name
Microsoft.AspNetCore.Server.IIS
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.Server.IIS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.6

Affected versions

2.*
2.2.0
2.2.1
2.2.2

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.Server.HttpSys

Package

Name
Microsoft.AspNetCore.Server.HttpSys
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.Server.HttpSys

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.6

Affected versions

2.*
2.2.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"
Microsoft.AspNetCore.Server.HttpSys

Package

Name
Microsoft.AspNetCore.Server.HttpSys
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.Server.HttpSys

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.12

Affected versions

2.*
2.1.0
2.1.1

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"