A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. External References: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416
Upstream pull request: https://github.com/dotnet/corefx/pull/32127
This issue has been addressed in the following products: .NET Core on Red Hat Enterprise Linux Via RHSA-2018:3676 https://access.redhat.com/errata/RHSA-2018:3676