CVE-2017-0248: Improper Certificate Validation

October 16, 2018 (updated April 5, 2021)

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka “.NET Security Feature Bypass Vulnerability.”

References

github.com/advisories/GHSA-ch6p-4jcm-h8vh
nvd.nist.gov/vuln/detail/CVE-2017-0248

Code Behaviors & Features

Detect and mitigate CVE-2017-0248 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →