.NET Core is affected by a certificate validation bypass. A flaw in the certificate validation allows an attacker to bypass the security checks, even passing expired certificates.
www.securityfocus.com/bid/104664
www.securitytracker.com/id/1041257
github.com/dotnet/announcements/issues/73
github.com/dotnet/wcf/commit/1587d617b0073b6d054509160d5ada80b75a065c
github.com/dotnet/wcf/commit/8be0bf63d8b626f1cb9d12dbee3f93a93711ee06
github.com/dotnet/wcf/commit/a9280ed4e3f07f1824958da6ca39a66f5c1a5bb6
github.com/dotnet/wcf/commit/c3182d46f45780e52a393aee30ff48e57dbc53ae
github.com/dotnet/wcf/issues/3009
github.com/dotnet/wcf/pull/2478
github.com/dotnet/wcf/pull/2479
github.com/dotnet/wcf/pull/2486
github.com/dotnet/wcf/pull/2492
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356