{"id":"GHSA-prrf-397v-83xh","summary":"Open redirect in ASP.NET Core","details":"A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'.","aliases":["CVE-2019-1075"],"modified":"2023-11-01T04:50:08.436001Z","published":"2022-05-24T16:50:19Z","database_specific":{"severity":"MODERATE","nvd_published_at":"2019-07-15T19:15:00Z","cwe_ids":["CWE-601"],"github_reviewed_at":"2022-07-07T23:23:59Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1075"},{"type":"WEB","url":"https://github.com/aspnet/Announcements/issues/373"},{"type":"WEB","url":"https://github.com/github/advisory-database/issues/302"},{"type":"WEB","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075"}],"affected":[{"package":{"name":"Microsoft.AspNetCore.App","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.App"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2.0"},{"fixed":"2.2.6"}]}],"versions":["2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.App","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.App"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1.0"},{"fixed":"2.1.12"}]}],"versions":["2.1.0","2.1.1","2.1.10","2.1.11","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.All","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.All"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2.0"},{"fixed":"2.2.6"}]}],"versions":["2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.All","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.All"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1.0"},{"fixed":"2.1.12"}]}],"versions":["2.1.0","2.1.1","2.1.10","2.1.11","2.1.2","2.1.3","2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.Server.IIS","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.Server.IIS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2.0"},{"fixed":"2.2.6"}]}],"versions":["2.2.0","2.2.1","2.2.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.Server.HttpSys","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.Server.HttpSys"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.2.0"},{"fixed":"2.2.6"}]}],"versions":["2.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}},{"package":{"name":"Microsoft.AspNetCore.Server.HttpSys","ecosystem":"NuGet","purl":"pkg:nuget/Microsoft.AspNetCore.Server.HttpSys"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1.0"},{"fixed":"2.1.12"}]}],"versions":["2.1.0","2.1.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-prrf-397v-83xh/GHSA-prrf-397v-83xh.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}