6.8
CVSSv2

CVE-2019-1302

Published: 11/09/2019 Updated: 12/09/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Microsoft ASP.NET Core could allow a remote malicious user to gain elevated privileges on the system, caused by improper handling of input by project templates. By persuading a victim to click a specially-crafted link, an attacker could exploit this vulnerability to take actions on behalf of the victim.

Vulnerability Trend

Github Repositories

Open source vulnerability scanner for .NET Core projects

Build status Components dotnet-retire RetireNetRuntimesMiddleware RetireNetRuntimesBackgroundServices dotnet-retire A dotnet CLI extension to check your project for known vulnerabilities Install $ dotnet tool install -g dotnet-retire Usage $ dotnet retire Additional options: [--loglevel] {Trace|Debug|Information|Warning|Error|Critical} (default: Informati

Recent Articles

Microsoft Patch Tuesday – September 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Sep 2020

This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

Posted: 11 Sep, 201923 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – September 2019This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.This month the vendor has patched 79 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as s...