{"id":"CVE-2019-1302","details":"An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.","aliases":["GHSA-xr8f-59pp-rxxh"],"modified":"2026-04-11T21:44:48.587345Z","published":"2019-09-11T22:15:19.087Z","references":[{"type":"FIX","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dotnet/aspnetcore","events":[{"introduced":"0"},{"last_affected":"00e08d8c11f4e9649492342c9c613a758efd2e4d"},{"last_affected":"ce8cf65589734f82b0536c543aba5bd60d0a5a98"},{"last_affected":"53b0d448a53403ca84bb3dac66dcd20eb375aeaa"}],"database_specific":{"cpe":["cpe:2.3:a:microsoft:asp.net_core:2.1:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:asp.net_core:2.2:*:*:*:*:*:*:*","cpe:2.3:a:microsoft:asp.net_core:3.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.1"},{"last_affected":"2.2"},{"last_affected":"3.0"}]}}],"versions":["1.0.0","1.0.0-rc2","1.0.0-rc2-final","1.0.1","1.0.3","1.0.4","1.0.5","1.0.7","1.1.0","1.1.0-preview1","1.1.1","1.1.2","1.1.3","1.1.5","2.0.0","2.0.0-preview1","2.0.0-preview2","2.1.0","2.1.0-preview1","2.1.0-preview2","2.1.1","2.1.3","2.1.5","2.1.6","2.2.0","2.2.0-preview1","2.2.0-preview2","2.2.0-preview3","release/2.1","v1.0.0-alpha2","v1.0.0-alpha3","v1.0.0-beta4","v1.0.0-beta5","v1.0.0-beta6","v1.0.0-beta7","v1.0.0-beta8","v1.0.0-rc1-final","v1.0.0-rc1-update1","v2.1.10","v2.1.11","v2.1.12","v2.1.13","v2.1.14","v2.1.16","v2.1.17","v2.1.18","v2.1.19","v2.1.20","v2.1.22","v2.1.23","v2.1.24","v2.1.33","v2.1.7","v2.1.8","v2.1.9","v3.0.0","v3.0.0-preview-18579-0056","v3.0.0-preview-19075-0444","v3.0.1","v3.0.3","v3.0.extra"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-1302.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}