CVE-2020-0603
HIGH8.8EPSS 10.8%Remote code execution in ASP.NET Core
發布日:2022/5/24修改日:2025/4/3
描述
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'.
受影響套件(13)
- Bitnami/aspnet-core>= 2.1.0, < 2.1.1, >= 3.0.0, < 3.0.1, >= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.All>= 2.1.0, < 2.1.15
- NuGet/Microsoft.AspNetCore.App>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-arm64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-musl-x64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.linux-x64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.osx-x64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.win-arm>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.win-x64>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.App.Runtime.win-x86>= 3.1.0, < 3.1.1
- NuGet/Microsoft.AspNetCore.Http.Connections>= 1.0.0, < 1.0.15
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-0603
- WEBhttps://access.redhat.com/errata/RHSA-2020:0130
- WEBhttps://access.redhat.com/errata/RHSA-2020:0134
- WEBhttps://github.com/aspnet/Announcements/issues/403
- WEBhttps://github.com/github/advisory-database/issues/302
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603