CVE-2021-34485

Name of the Vulnerable Software and Affected Versions .NET Core versions prior to 5.0.9 .NET Core versions prior to 3.1.18 .NET Core versions prior to 2.1.29 Visual Studio (affected versions not specified)

Description The issue is related to insufficient protection of sensitive data in Microsoft Visual Studio and .NET Core. Exploitation of this issue may allow an attacker to disclose protected information. The vulnerability exists when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS.

Recommendations For .NET 5.0, download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. For .NET Core 3.1, download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. For .NET Core 2.1, download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1.