CVE-2019-1302

EPSS 9.9%

Elevation of privilege in ASP.NET Core

Published: 5/24/2022Modified: 12/3/2024

Description

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

Affected packages (1)

NuGet/Microsoft.AspNetCore.SpaServices>= 2.2.0, < 2.2.7

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-1302
WEBhttps://github.com/aspnet/Announcements/issues/384
WEBhttps://github.com/github/advisory-database/issues/302
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302