The advisory for CVE-2019-0545 explicitly names SocketsHttpHandler's mishandling of 1xx responses as the root cause. Interim 1xx responses were treated as final, which bypassed CORS validation for subsequent responses. SocketsHttpHandler's response-processing logic (likely in HandleResponse or related methods) failed to handle multi-response sequences properly, allowing unauthorized data exposure. This aligns with the CWE-200 classification and with Microsoft's mitigation description about enforcing CORS configuration.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.NETCore.App | nuget | >= 2.1.0, < 2.1.7 | 2.1.7 |
| Microsoft.NETCore.App | nuget | = 2.2.0 | 2.2.1 |
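
To illustrate the root cause described in the analysis above, the following Python sketch (an added example, not code from .NET or from the advisory) contrasts a reader that takes the first response head as final with one that skips interim 1xx heads before any header-based check runs. The byte stream, the function names and the `https://app.example` origin are constructed for illustration.

```python
# Added illustration; this is not SocketsHttpHandler code.
# SAMPLE is a constructed stream: one interim 100 head, then the final 200.
SAMPLE = (
    b"HTTP/1.1 100 Continue\r\n\r\n"
    b"HTTP/1.1 200 OK\r\n"
    b"Access-Control-Allow-Origin: https://app.example\r\n"
    b"Content-Length: 2\r\n\r\nok"
)


def parse_head(buf, pos):
    """Parse one status line plus headers at pos; return (status, headers, next_pos)."""
    end = buf.find(b"\r\n\r\n", pos)
    if end == -1:
        raise ValueError("incomplete response head")
    lines = buf[pos:end].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, end + 4


def first_head_as_final(buf):
    """Flawed pattern: whatever head arrives first is treated as the final response."""
    status, headers, _ = parse_head(buf, 0)
    return status, headers


def final_head(buf, max_interim=16):
    """Skip interim 1xx heads and return the first head with status >= 200.
    101 is returned as-is because the connection stops speaking HTTP after it."""
    pos = 0
    for _ in range(max_interim + 1):
        status, headers, pos = parse_head(buf, pos)
        if status >= 200 or status == 101:
            return status, headers
    raise ValueError("too many interim responses")


def origin_allowed(headers, origin):
    """Minimal CORS-style check, evaluated on whichever headers it is handed."""
    allowed = headers.get("access-control-allow-origin")
    return allowed in (origin, "*")
```

The two readers return different status codes and header sets for the same stream, so any policy decision made on the interim head is made on the wrong response.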