PT-2022-7018 · Microsoft+6 · Net Core 3.1+7

Felix Wilhelm · Published 2022-08-09 · Updated 2025-09-04 · CVE-2022-34716

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

.NET Core 3.1 versions 3.1.0 through 3.1.27
.NET 6.0 versions 6.0.0 through 6.0.7

Description

An information disclosure issue exists due to incorrect restriction of XML external entity references, potentially allowing a remote attacker to access confidential information. This issue affects .NET Core 3.1 and .NET 6.0 applications.

Recommendations

For .NET Core 3.1 versions 3.1.0 through 3.1.27, update to Runtime 3.1.28.
For .NET 6.0 versions 6.0.0 through 6.0.7, update to Runtime 6.0.8 or SDK 6.0.108.

Fix

Spoofing

XXE

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

ALSA-2022:6043
ALSA-2022:6057
ALSA-2022:6058
ALT-PU-2022-2510
ALT-PU-2022-3423
ALT-PU-2022-3424
ALT-PU-2023-1305
ALT-PU-2023-1306
ALT-PU-2023-1418
ALT-PU-2023-1419
ALT-PU-2023-1466
ALT-PU-2023-1467
ALT-PU-2023-4713
ALT-PU-2025-2023
BDU:2023-06583
BIT-DOTNET-2022-34716
BIT-DOTNET-SDK-2022-34716
BIT-POWERSHELL-2022-34716
CESA-2022_6057
CESA-2022_6058
CVE-2022-34716
GHSA-2M65-M22P-9WJW
GHSA-VH55-786G-WJWJ
RHSA-2022:6037
RHSA-2022:6038
RHSA-2022:6043
RHSA-2022:6057
RHSA-2022:6058
RHSA-2022_6043
RHSA-2022_6057
RHSA-2022_6058
RLSA-2022:6057
RLSA-2022:6058

Affected Products

ALT Linux
AlmaLinux
CentOS
.NET 6.0
.NET Core 3.1
Red Hat
RED OS
Rocky Linux