CVE-2021-34532 vulnerability in Microsoft Products
Published on August 12, 2021
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
ASP.NET Core and Visual Studio Information Disclosure Vulnerability
Products Associated with CVE-2021-34532
stack.watch emails you whenever new vulnerabilities are published in Microsoft ASP.NET Core or Microsoft Visual Studio 2019. Just hit a watch button to start following.
Affected Versions
Microsoft ASP.NET Core 2.1:- Version 2.0 and below 2.1.29 is affected.
- Version 3.0 and below 3.1.18 is affected.
- Version 5.0 and below 5.0.9 is affected.
- Version 16.0 and below 16.4.25 is affected.
- Version 16.0.0 and below 16.7.18 is affected.
- Version 15.0.0 and below 16.9.10 is affected.
- Version 16.10.0 and below 16.10.5 is affected.
- Version 8.1.0 and below 8.10.7 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2021-34532
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.AspNetCore.Authentication.JwtBearer | < 2.1.29 | 2.1.29 |
| nuget | Microsoft.AspNetCore.Authentication.JwtBearer | >= 3.0.0, < 3.1.18 | 3.1.18 |
| nuget | Microsoft.AspNetCore.Authentication.JwtBearer | >= 5.0.0, < 5.0.9 | 5.0.9 |
Exploit Probability
EPSS
0.29%
Percentile
52.07%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.