4 matches found
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync function method, which does not verify the identity of the calling TUser, allowing an attacker to escalate privileges to that of another user. Remediation Upgrade...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when parsing X509 certificates. Note: Windows systems are not vulnerable to this issue. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...