CVE-2018-0786: Improper Certificate Validation

October 16, 2018 (updated July 7, 2022)

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka “.NET Security Feature Bypass Vulnerability.”

References

github.com/advisories/GHSA-jc8g-xhw5-6x46
github.com/dotnet/announcements/issues/51
github.com/github/advisory-database/issues/302
nvd.nist.gov/vuln/detail/CVE-2018-0786
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786

Code Behaviors & Features

Detect and mitigate CVE-2018-0786 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →