Bug 1856929 (CVE-2020-1147) - CVE-2020-1147 dotnet: XML source markup processing remote code execution
Summary: CVE-2020-1147 dotnet: XML source markup processing remote code execution
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-1147
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1856932 1856933 1856934 1856935 1856936 1856937 1856938 1856939
Blocks: 1856921
 
Reported: 2020-07-14 17:47 UTC by Stefan Cornelius
Modified: 2021-01-06 10:04 UTC

Fixed In Version: dotnet core 2.1.20, dotnet core 3.1.6
Doc Type: ---
Doc Text:
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application.
Clone Of:
Environment:
Last Closed: 2020-07-15 13:27:37 UTC




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2020:2964  0        None      None    None     2020-07-15 21:29:42 UTC
Red Hat Product Errata  RHBA-2020:2980  0        None      None    None     2020-07-16 13:42:31 UTC
Red Hat Product Errata  RHBA-2020:2981  0        None      None    None     2020-07-16 14:08:35 UTC
Red Hat Product Errata  RHSA-2020:2937  0        None      None    None     2020-07-15 11:04:22 UTC
Red Hat Product Errata  RHSA-2020:2938  0        None      None    None     2020-07-15 11:05:53 UTC
Red Hat Product Errata  RHSA-2020:2939  0        None      None    None     2020-07-15 11:05:22 UTC
Red Hat Product Errata  RHSA-2020:2954  0        None      None    None     2020-07-15 14:33:47 UTC
Red Hat Product Errata  RHSA-2020:2988  0        None      None    None     2020-07-16 19:19:39 UTC
Red Hat Product Errata  RHSA-2020:2989  0        None      None    None     2020-07-17 14:47:52 UTC

Description Stefan Cornelius 2020-07-14 17:47:45 UTC
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core application.

External References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
https://github.com/dotnet/announcements/issues/159

Comment 2 errata-xmlrpc 2020-07-15 11:04:19 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2937 https://access.redhat.com/errata/RHSA-2020:2937

Comment 3 errata-xmlrpc 2020-07-15 11:05:18 UTC
This issue has been addressed in the following products:

  .NET Core on Red Hat Enterprise Linux

Via RHSA-2020:2939 https://access.redhat.com/errata/RHSA-2020:2939

Comment 4 errata-xmlrpc 2020-07-15 11:05:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2938 https://access.redhat.com/errata/RHSA-2020:2938

Comment 5 Product Security DevOps Team 2020-07-15 13:27:37 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-1147

Comment 6 errata-xmlrpc 2020-07-15 14:33:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2954 https://access.redhat.com/errata/RHSA-2020:2954

Comment 7 errata-xmlrpc 2020-07-16 19:19:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2988 https://access.redhat.com/errata/RHSA-2020:2988

Comment 8 errata-xmlrpc 2020-07-17 14:47:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2989 https://access.redhat.com/errata/RHSA-2020:2989

