CVE-2019-0657

A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.

Published: Mar 6, 2019
Updated: May 9, 2024
CVE: CVE-2019-0657
GHSA: GHSA-x5qj-9vmx-7g6g
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / .net_core	1.0	1.0.x
microsoft / powershell_core	6.1	6.1.x
microsoft / powershell_core	6.0	6.0.x
microsoft / .net_core	2.1	2.1.x
microsoft / visual_studio_2017	15.9	15.9.x
microsoft / .net_core	2.2	2.2.x
microsoft / .net_framework	2.0-sp2	2.0-sp2.x
microsoft / .net_framework	3.0-sp2	3.0-sp2.x
microsoft / .net_framework	3.5	3.5.x
microsoft / .net_framework	3.5.1	3.5.1.x
microsoft / .net_framework	4.5.2	4.5.2.x
microsoft / .net_framework	4.6	4.6.x
microsoft / .net_framework	4.6.2	4.6.2.x
microsoft / .net_framework	4.7	4.7.x
microsoft / .net_framework	4.7.1	4.7.1.x
microsoft / .net_framework	4.7.2	4.7.2.x
microsoft / .net_framework	4.6.1	4.6.1.x
Microsoft.NETCore.App	2.2.0	2.2.2
Microsoft.NETCore.App	2.1.0	2.1.8
System.Private.Uri	4.3.0	4.3.2

Vulnerability Database

289,599

CVE-2019-0657