System.Net.Security

NuGet4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting System.Net.Securitypage 1 of 1

CVE-2017-0247HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.1
2017-05-12
vulnerable: 4.3.0
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.E…
CVE-2017-0248HIGHCVSS 7.5EG 7.5✓ Fixed in 4.3.1
2017-05-12
vulnerable: 4.3.0
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass V…
CVE-2017-0249HIGHCVSS 7.3EG 7.3✓ Fixed in 4.3.1
2017-05-12
vulnerable: 4.3.0
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0256MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.3.1
2017-05-12
vulnerable: 4.3.0
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.

Check whether System.Net.Security is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for System.Net.Security CVEs against the assets you own.

Start Free Scan →