Update 2.1.21.md

Rahul Bhandari 2020-09-07 15:04:57 -07:00 committed by GitHub
parent 2044ec8f27
commit c511713988
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -58,15 +58,15 @@ The images are expected to be available later today.
.NET Core 2.1.21 release carries both security and non-security fixes.
### [CVE-2020-1147 | NET Core Remote Code Execution Vulnerability](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1147)
### [CVE-2020-1597 | NET Core Remote Code Execution Vulnerability](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1597)
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
Microsoft is aware of a remote code execution vulnerability exists in .NET software when the software fails to check the source markup of an XML file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an ASP.NET Core application, or other application that parses certain types of XML.
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application.
The security update addresses the vulnerability by restricting the types that are allowed to be present in the XML payload.
The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.
## Packages updated in this release:
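Review bot: The heading for CVE-2020-1597 still reads "NET Core Remote Code Execution Vulnerability", the title of the CVE-2020-1147 entry it replaces, while the paragraph under it describes a denial of service in ASP.NET Core. This assumes the second line of each pair is the added one, since the +/- markers are not visible in this rendering. Suggest retitling the heading to match the body, for example "CVE-2020-1597 | ASP.NET Core Denial of Service Vulnerability", so that anyone triaging by heading does not misjudge the impact class or the affected component. The unchanged intro line above the headings says the release "carries both security and non-security fixes"; after this change the only security fix described in the hunk is the ASP.NET Core one, so it is worth confirming that the CVE-2020-1147 text was meant to be dropped from the 2.1.21 notes rather than kept alongside the new entry.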