Exposure of Sensitive Information in System.Net.Http
High severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Package
Affected versions
>= 2.1.0, < 2.1.7
= 2.2.0
Patched versions
2.1.7
2.2.1
Description
Published by the National Vulnerability Database
Jan 8, 2019
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 8, 2022
Last updated
Jan 27, 2023
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2.
References