System.Net.Http

NuGet5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting System.Net.Httppage 1 of 1

CVE-2017-0247HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.2
2017-05-12
vulnerable: 4.3.1
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.E…
CVE-2017-0248HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.2
2017-05-12
vulnerable: 4.3.1
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass V…
CVE-2017-0249HIGHCVSS 7.3EG 7.3✓ Fixed in 4.3.2
2017-05-12
vulnerable: 4.3.1
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0256MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.3.2
2017-05-12
vulnerable: 4.3.1
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2018-8292HIGHCVSS 7.5✓ Fixed in 4.3.4
2018-10-10
vulnerable: 2.0.20126.16343 ... 4.3.3 (24 versions)
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core …

Check whether System.Net.Http is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for System.Net.Http CVEs against the assets you own.

Start Free Scan →