CVE-2022-34716 — XML External Entity (XXE) Injection in Microsoft Microsoft.aspnetcore.app.runtime.linux-arm

CWE-611 — XML External Entity (XXE) Injection4 documents4 sources

Severity

5.9MEDIUM

No vector

EPSS

1.0%

top 23.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft.aspnetcore.app.runtime.linux-arm Microsoft Microsoft.aspnetcore.app.runtime.linux-arm64 Microsoft Microsoft.aspnetcore.app.runtime.linux-musl-arm +9 more

Timeline

PublishedAug 9

Latest updateFeb 3

Description

dotnet: External Entity Injection during XML signature verification .NET Spoofing Vulnerability An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information.

Affected Packages12 packages

▶NuGetmicrosoft/microsoft.aspnetcore.app.runtime.osx-x643.1.0 — 3.1.28+1

▶NuGetmicrosoft/microsoft.aspnetcore.app.runtime.win-arm3.1.0 — 3.1.28+1

▶NuGetmicrosoft/microsoft.aspnetcore.app.runtime.win-x643.1.0 — 3.1.28+1

▶NuGetmicrosoft/microsoft.aspnetcore.app.runtime.win-x863.1.0 — 3.1.28+1

▶NuGetmicrosoft/microsoft.aspnetcore.app.runtime.linux-arm3.1.0 — 3.1.28+1

🔴Vulnerability Details

OSV

.NET Information Disclosure Vulnerability↗2024-02-03

▶

GHSA

.NET Information Disclosure Vulnerability↗2024-02-03

▶

📋Vendor Advisories

Red Hat

dotnet: External Entity Injection during XML signature verification↗2022-08-09

▶

Microsoft

.NET Spoofing Vulnerability↗2022-08-09

▶