| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.AspNetCore.Mvc.Core | nuget | >= 1.0.0, < 1.0.6 | 1.0.6 |
| Microsoft.AspNetCore.Mvc.Core | nuget | >= 1.1.0, < 1.1.6 | 1.1.6 |
| Microsoft.AspNetCore.Mvc.Cors | nuget | >= 1.0.0, < 1.0.6 | 1.0.6 |
| Microsoft.AspNetCore.Mvc.Cors | nuget | >= 1.1.0, < 1.1.6 | 1.1.6 |

The vulnerability stems from improper enforcement of CORS policies in ASP.NET Core MVC. The advisory explicitly implicates the Microsoft.AspNetCore.Mvc.Core and Microsoft.AspNetCore.Mvc.Cors packages, which handle CORS integration with MVC. The CorsAuthorizationFilter is central to applying CORS policies to MVC actions, so a flaw in its authorization logic (e.g., failing to validate origins or policies correctly) would directly explain the CORS bypass. The high confidence comes from: (1) the affected packages' responsibility for CORS-MVC integration, (2) the vulnerability's nature (CORS policy bypass), and (3) Microsoft's patch focusing on these components.