CVE-2020-0606: Improper Input Validation

May 24, 2022 (updated October 28, 2022)

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET Framework Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0605.

References

github.com/advisories/GHSA-r4mw-gxf7-vxr9
github.com/dotnet/announcements/issues/149
github.com/github/advisory-database/issues/302
nvd.nist.gov/vuln/detail/CVE-2020-0606
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606

Detect and mitigate CVE-2020-0606 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →