Microsoft Security Advisory 4021279

Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Published: May 9, 2017
Version: 1.0

Executive Summary

Microsoft is releasing this security advisory to provide information about vulnerabilities in public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications correctly.

.NET Core & ASP.NET Core are the next generation of .NET that provide a familiar and modern framework for web and cloud scenarios. These products are actively developed by the .NET and ASP.NET team in collaboration with a community of open source developers, running on Windows, Mac OS X and Linux. When .NET Core was released, the version number was reset to 1.0.0 to reflect the fact that it is a separate product from its predecessor -.NET.

Affected Software
The vulnerabilities affect any Microsoft .NET Core project if it uses the following affected package versions...


Read more: Microsoft Security Advisory 4021279