CVE-2023-35391
published 2023-08-08CVE-2023-35391: ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | asp.net_core | >= 2.1 < 2.1.40 | 2.1.40 |
| microsoft | asp.net_core_2.1 | >= 2.0 < 2.1.40 | 2.1.40 |
| microsoft | microsoft_visual_studio_2022_version_17.2 | >= 17.2.0 < 17.2.18 | 17.2.18 |
| microsoft | microsoft_visual_studio_2022_version_17.4 | >= 17.4.0 < 17.4.10 | 17.4.10 |
| microsoft | microsoft_visual_studio_2022_version_17.6 | >= 17.6.0 < 17.6.6 | 17.6.6 |
| microsoft | net | >= 6.0.0 < 6.0.21 | 6.0.21 |
| microsoft | net | >= 7.0.0 < 7.0.10 | 7.0.10 |
| microsoft | net_6.0 | >= 6.0.0 < 6.0.21 | 6.0.21 |
| microsoft | net_7.0 | >= 7.0.0 < 7.0.10 | 7.0.10 |
| microsoft | visual_studio_2022 | >= 17.2.0 < 17.2.18 | 17.2.18 |
| microsoft | visual_studio_2022 | >= 17.4.0 < 17.4.10 | 17.4.10 |
| microsoft | visual_studio_2022 | >= 17.6.0 < 17.6.6 | 17.6.6 |
| msrc | asp.net_core_2.1 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.2 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.4 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | net_6.0 | — | — |
| msrc | net_7.0 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH