Skip to content

CVE-2018-8292 Explanation #61197

New issue
New issue
Open
Open
CVE-2018-8292 Explanation#61197
Labels
area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
@rollsch

Description

@rollsch
rollsch
opened on Mar 28, 2025

dotnet/runtime#27587

Could someone please explain how the following exploit works? We have some old software that uses the affected packages, however without detail explaining how the redirect is exploited I cannot determine if we are at risk or not.

Is anyone able to explain at a high level how CVE-2018-8292 would be exploited using for example System.Http.Net 4.0.0 ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions