News

Microsoft Fixes .NET Core Spoofing Vulnerability

Microsoft today (July 9) issued security-and-reliability updates to two .NET Core and .NET Core SDK releases, featuring a spoofing vulnerability fix.

.NET Core 2.1 and 2.2 were updated to fix CVE-2019-1075: ASP.NET Core Spoofing Vulnerability, which states:

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website.

To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link.

The update addresses the vulnerability by correcting how ASP.NET Core parses URLs.

Specifically, available for download now are:

  • .NET Core 2.1.12, including .NET Core 2.1.12, ASP.NET Core 2.1.12 and the .NET Core SDK. Release notes are here.
  • .NET Core 2.2.6, including .NET Core 2.2.6, ASP.NET Core 2.2.6 and updates to the .NET Core SDK. Release notes are here.

Corresponding Docker images have also been updated. "Deployment of these updates on Azure App Services has been scheduled and it is expected to complete later in July 2019," Microsoft said.

More information can be found in a GitHub announcement and issue.

About the Author

David Ramel is an editor and writer for Converge360.

comments powered by Disqus

Featured

  • Creating Reactive Applications in .NET

    In modern applications, data is being retrieved in asynchronous, real-time streams, as traditional pull requests where the clients asks for data from the server are becoming a thing of the past.

  • AI for GitHub Collaboration? Maybe Not So Much

    No doubt GitHub Copilot has been a boon for developers, but AI might not be the best tool for collaboration, according to developers weighing in on a recent social media post from the GitHub team.

  • Visual Studio 2022 Getting VS Code 'Command Palette' Equivalent

    As any Visual Studio Code user knows, the editor's command palette is a powerful tool for getting things done quickly, without having to navigate through menus and dialogs. Now, we learn how an equivalent is coming for Microsoft's flagship Visual Studio IDE, invoked by the same familiar Ctrl+Shift+P keyboard shortcut.

  • .NET 9 Preview 3: 'I've Been Waiting 9 Years for This API!'

    Microsoft's third preview of .NET 9 sees a lot of minor tweaks and fixes with no earth-shaking new functionality, but little things can be important to individual developers.

  • Data Anomaly Detection Using a Neural Autoencoder with C#

    Dr. James McCaffrey of Microsoft Research tackles the process of examining a set of source data to find data items that are different in some way from the majority of the source items.

Most   Popular

Subscribe on YouTube