<< Back
CVE Number Vulnerability Product Severity Date
CVE-2021-24112 .NET Core Remote Code Execution Vulnerability .NET 5.0 Critical 11-02-2021

Technical Information

Brief overview of the risk:

A remote code execution vulnerability in .NET Core for non-Windows systems which exists when parsing certain types of graphics files. This vulnerability can be exploited by sending a specially crafted request to .NET applications that are utilizing libgdiplus on a non-Windows system. This vulnerability only exists on systems running on MacOS or Linux. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the logged on user.

Further information on this vulnerability is available at : CVE-2021-24112

Affected Software

.NET Core 2.1
.NET Core 3.1
.NET 5.0