AspNetCore is vulnerable to open redirect. It does not escape the user provided URL string, allowing an attacker to provide a malicious URL to redirect the user to a malicious website.
github.com/aspnet/Announcements/issues/373
github.com/dotnet/core/blob/3c66ae6b117584606b2f35b8b134da5ecc749510/release-notes/2.1/2.1.12/2.1.12.md
github.com/dotnet/core/blob/815fccb3cf2165816708bd6a8d247e3c59b1d9f3/release-notes/2.2/2.2.6/2.2.6.md
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075