Lucene search

Veracode Vulnerability DatabaseVERACODE:8126

HistoryJan 09, 2019 - 2:50 a.m.

Cross-Origin Resource Sharing (CORS) Bypass

2019-01-0902:50:50

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.019 Low

EPSS

Percentile

88.5%

JSON

System.Net.Http is vulnerable to cross-origin resource sharing (CORS) bypass. An attacker is able to exploit the vulnerability to retrieve confidential user and system information.

CPENameOperatorVersion
microsoft.netcore.appeq2.2.0
microsoft.netcore.apple2.1.6
microsoft.netcore.appeq2.2.0
microsoft.netcore.apple2.1.6

Name	Operator	Version
microsoft.netcore.app	eq	2.2.0
microsoft.netcore.app	le	2.1.6
microsoft.netcore.app	eq	2.2.0
microsoft.netcore.app	le	2.1.6

References

www.securityfocus.com/bid/106405

access.redhat.com/errata/RHSA-2019:0040

github.com/dotnet/corefx/issues/34428

github.com/dotnet/runtime/issues/28343

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for VERACODE:8126