Improper Certificate Validation in Microsoft .NET Framework components
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Package
Affected versions
>= 4.0.0, < 4.1.3
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
Patched versions
4.1.3
4.3.3
4.4.4
4.5.3
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
>= 4.0.0, <= 4.0.2
4.3.3
4.4.4
4.5.3
4.0.4
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
>= 4.0.0, < 4.1.3
4.3.3
4.4.4
4.5.3
4.1.3
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
>= 4.0.0, < 4.1.3
4.3.3
4.4.4
4.5.3
4.1.3
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
>= 4.0.0, < 4.1.3
4.3.3
4.4.4
4.5.3
4.1.3
>= 4.3.0, < 4.3.3
>= 4.4.0, < 4.4.4
>= 4.5.0, < 4.5.3
>= 4.0.0, <= 4.0.2
4.3.3
4.4.4
4.5.3
4.0.4
Description
Published by the National Vulnerability Database
Jul 11, 2018
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Jul 8, 2022
Last updated
Jan 29, 2023
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
References