On .NET Core, we mishandle 1xx responses (including 100-Continue) as final responses in SocketsHttpHandler. This constitutes a cross-origin information disclosure vulnerability when the client multiplexes requests to different origins onto a single persistent connection: the real final response to the first request will be used as the response to a different request on the same connection. (A well-behaved server can cause the information disclosure as well.)
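The mismatch described above can be reproduced with a small response parser. This is an added example, not code from .NET Core or from the advisory; the byte stream, hostnames, bodies and the function names `read_response` and `pair_responses` are constructed for illustration, and only `Content-Length` framing is handled.

```python
# Constructed bytes for one persistent connection carrying two requests.
# Hostnames and bodies are made up for illustration.
STREAM = (
    b"HTTP/1.1 100 Continue\r\n\r\n"
    b"HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\nsecret-A"
    b"HTTP/1.1 200 OK\r\nContent-Length: 8\r\n\r\npublic-B"
)
REQUESTS = ["POST https://a.example/upload", "GET https://b.example/"]


def read_response(buf, pos):
    """Parse one response starting at pos; return (status, body, next_pos)."""
    head_end = buf.index(b"\r\n\r\n", pos)
    lines = buf[pos:head_end].decode("ascii").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    body_start = head_end + 4
    # 1xx, 204 and 304 responses never carry a body (RFC 7230 section 3.3.3).
    if 100 <= status < 200 or status in (204, 304):
        length = 0
    else:
        length = int(headers.get("content-length", "0"))
    return status, buf[body_start:body_start + length], body_start + length


def pair_responses(buf, requests, skip_interim):
    """Assign responses on the connection to requests in order."""
    pos, result = 0, {}
    for req in requests:
        status, body, pos = read_response(buf, pos)
        # Correct behaviour: 1xx (other than 101) is interim, so keep reading
        # until the final response for this same request arrives.
        while skip_interim and 100 <= status < 200 and status != 101:
            status, body, pos = read_response(buf, pos)
        result[req] = (status, body)
    return result


if __name__ == "__main__":
    for mode in (False, True):
        print("skip_interim =", mode, pair_responses(STREAM, REQUESTS, mode))
```

With `skip_interim=False` the request to `b.example` is handed the body that belongs to `a.example`; with `skip_interim=True` each request receives its own final response.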
This issue has been addressed in the following products:
.NET Core on Red Hat Enterprise Linux
Via RHSA-2019:0040 https://access.redhat.com/errata/RHSA-2019:0040