What is CVE-2019-1302?

CVE-2019-1302 is a vulnerability in Microsoft Asp.net Core. Published 2019-09-11.

Is CVE-2019-1302 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Asp.net Core

CVE-2019-1302

An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'.

EPSS: 0.099 (93.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Asp.net Core — versions 2.1, 2.2, 3.0

Public proof-of-concept exploits

RetireNet/dotnet-retire
cx-mallory-woods/DotNet-Retire
mallorycheckmarx/DotNet-Retire

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1302 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-1302?: CVE-2019-1302 is a vulnerability in Microsoft Asp.net Core. Published 2019-09-11.
Is CVE-2019-1302 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.