Microsoft Fixes .NET Core Spoofing Vulnerability

Microsoft today (July 9) issued security-and-reliability updates to two .NET Core and .NET Core SDK releases, featuring a spoofing vulnerability fix.

.NET Core 2.1 and 2.2 were updated to fix CVE-2019-1075: ASP.NET Core Spoofing Vulnerability, which the advisory describes as follows:

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website.

To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link.

The update addresses the vulnerability by correcting how ASP.NET Core parses URLs.

Specifically, available for download now are:

  • .NET Core 2.1.12, including .NET Core 2.1.12, ASP.NET Core 2.1.12 and the .NET Core SDK. Release notes are here.
  • .NET Core 2.2.6, including .NET Core 2.2.6, ASP.NET Core 2.2.6 and updates to the .NET Core SDK. Release notes are here.

Corresponding Docker images have also been updated. "Deployment of these updates on Azure App Services has been scheduled and it is expected to complete later in July 2019," Microsoft said.

More information can be found in a GitHub announcement and issue.

About the Author

David Ramel is an editor and writer for Converge360.
