Nov 2023: ASP.NET Core Security Feature Bypass Vulnerability
CVE-2023-36558 Published on November 14, 2023
ASP.NET Core Security Feature Bypass Vulnerability
ASP.NET Core Security Feature Bypass Vulnerability
Products Associated with CVE-2023-36558
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-36558 are published in these products:
Affected Versions
Microsoft .NET 6.0:- Version 6.0.0 and below 6.0.25 is affected.
- Version 6.0 and below 6.0.25 is affected.
- Version 7.0.0 and below 7.0.14 is affected.
- Version 17.2.0 and below 17.2.22 is affected.
- Version 8.0 and below 8.0.0 is affected.
- Version 17.4.0 and below 17.4.14 is affected.
- Version 17.6.0 and below 17.6.10 is affected.
- Version 17.7.0 and below 17.7.7 is affected.
- Version 7.0.0 and below 7.0.14 is affected.
- Version 8.0 and below 8.0.0 is affected.
Vulnerable Packages
The following package name and versions may be associated with CVE-2023-36558
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| nuget | Microsoft.AspNetCore.Components | >= 6.0.0, <= 6.0.24 | 6.0.25 |
| nuget | Microsoft.AspNetCore.Components | >= 7.0.0, <= 7.0.13 | 7.0.14 |
| nuget | Microsoft.AspNetCore.Components | = 8.0.0-rc.2.23480.2 | 8.0.0 |
Exploit Probability
EPSS
0.35%
Percentile
56.93%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.