Published: 10/01/2018 Updated: 01/02/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

Recent Articles

Don't just grab your CPU bug updates – there's a nasty hole in Office, too
The Register • Shaun Nichols in San Francisco • 09 Jan 2018

It's 2018 and a Word doc can still pwn your Windows computer

Patch Tuesday In case you've been hiding under a rock for the entirety of this new year (and we don't blame you if you have) there are a handful of major security flaws that have been dominating the news, and feature prominently in this month's Patch Tuesday update load.
First, let's look at the latest developments in the Meltdown/Spectre saga:
Nvidia has got around to kicking out graphics driver updates that address the Spectre flaws present in its code – for example, here are som...