You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I hope you can help me clarify a question about system packages.
Since version 4.3.0 no more versions were released for the package, if I understand correctly the package is now part of a bundle that is published in each dotnet version. Now, if we open the package Microsoft.NETCore.App.Ref we can see that the new version is present in the FrameworkList.xml. Considering this, the version is the one that is in the AssemblyVersion property or the FileVersion property? Because, looking at the GitHub advisory it seems they are using the FileVersion to tell if the package is vulnerable or not. Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability CVE-2023-36049 GitHub Advisory Database
Thanks
The text was updated successfully, but these errors were encountered:
Hi,
I hope you can help me clarify a question about system packages.
Since version 4.3.0 no more versions were released for the package, if I understand correctly the package is now part of a bundle that is published in each dotnet version. Now, if we open the package Microsoft.NETCore.App.Ref we can see that the new version is present in the FrameworkList.xml. Considering this, the version is the one that is in the AssemblyVersion property or the FileVersion property? Because, looking at the GitHub advisory it seems they are using the FileVersion to tell if the package is vulnerable or not. Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability CVE-2023-36049 GitHub Advisory Database
Thanks
The text was updated successfully, but these errors were encountered: