CVE-2019-1302

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
11/09/2019
Last modified:
12/09/2019

Description

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:2.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*