{"containers": {"cna": {"title": ".NET Core Remote Code Execution Vulnerability", "datePublic": "2021-02-09T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Visual Studio 2019 for Mac", "cpes": ["cpe:2.3:a:microsoft:visual_studio_2019:-:*:*:*:*:macos:*:*"], "platforms": ["Unknown"], "versions": [{"version": "8.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Mono 6.12.0", "cpes": ["cpe:2.3:a:microsoft:mono:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "6.12.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET Core 2.1", "cpes": ["cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "2.1", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET Core 3.1", "cpes": ["cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "3.1", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": ".NET 5.0", "cpes": ["cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "5.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": ".NET Core Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-29T22:33:25.762Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:21:18.636Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-24112", "datePublished": "2021-02-25T23:01:57", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:21:18.636Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", "matchCriteriaId": "8797E7EA-A66B-4B9C-AA2A-DAB08A8A16DB", "versionEndIncluding": "5.0.2", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5D87DA-378D-4457-986B-8A0796ED00EB", "versionEndIncluding": "2.1.24", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B672ED7-CB65-4D0E-AD4B-4508C4FA8C92", "versionEndIncluding": "3.1.11", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:mono:*:*:*:*:*:*:*:*", "matchCriteriaId": "B46EB9C9-0D62-4F64-9C74-1F372F1543A8", "versionEndExcluding": "6.12.0.122", "versionStartIncluding": "6.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:-:*:*:*:*:macos:*:*", "matchCriteriaId": "21FE380F-7A47-4C72-8F07-526226531175", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": ".NET Core Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de .NET Core. Este ID de CVE es diferente de CVE-2021-26701"}], "id": "CVE-2021-24112", "lastModified": "2024-11-21T05:52:22.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-02-25T23:15:16.570", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "dotnet: Remote Code Execution Vulnerability", "id": "1933741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1933741"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": [".NET Core Remote Code Execution Vulnerability", "A flaw was found in dotnet. When a .NET application utilizing libgdiplus on a non-Windows system accepts input, this flaw allows an attacker to send a specially crafted request that could result in remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "name": "CVE-2021-24112", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:2.1", "fix_state": "Not affected", "package_name": "rh-dotnet21", "product_name": ".NET Core 2.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Not affected", "package_name": "rh-dotnet31", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:5.0", "fix_state": "Not affected", "package_name": "rh-dotnet50", "product_name": ".NET Core 5.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet3.1", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet5.0", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2021-02-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-24112\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-24112\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24112"], "statement": "Red Hat Enterprise Linux 8 and the .NET versions as shipped by Red Hat are not affected by this vulnerability since libgdiplus is an optional dependency for .NET and is currently not available for Red Hat Enterprise Linux.", "threat_severity": "Important"}