CVE-2021-34532

Name of the Vulnerable Software and Affected Versions .NET Core versions 2.1 through 5.0 .NET 5.0 versions prior to 5.0.9 .NET Core 3.1 versions prior to 3.1.18 .NET Core 2.1 versions prior to 2.1.29

Description The issue is related to an information disclosure vulnerability in .NET Core and Visual Studio, where a JWT token is logged if it cannot be parsed. This vulnerability may allow an attacker to disclose protected information.

Recommendations For .NET 5.0, download and install Runtime 5.0.9 or SDK 5.0.206 (for Visual Studio 2019 v16.8) or SDK 5.0.303 (for Visual Studio 2019 V16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0. For .NET Core 3.1, download and install Runtime 3.1.18 or SDK 3.1.118 (for Visual Studio 2019 v16.4) or 3.1.412 (for Visual Studio 2019 v16.7 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1. For .NET Core 2.1, download and install Runtime 2.1.29 or SDK 2.1.525 (for Visual Studio 2019 v15.9) or 2.1.817 from https://dotnet.microsoft.com/download/dotnet-core/2.1. If your application is using .NET Core 2.1 running on .NET Framework, check your projects for dependencies and update them accordingly by examining your csproj file or using NuGet to update the dependency.