Nov. 15, 2023, 2:51 p.m. |

Ubuntu security notices ubuntu.com

Barry Dorrans discovered that .NET did not properly implement certain
security features for Blazor server forms. An attacker could possibly
use this issue to bypass validation, which could trigger unintended
actions. (CVE-2023-36558)

Piotr Bazydlo discovered that .NET did not properly handle untrusted
URIs provided to System.Net.WebRequest.Create. An attacker could possibly
use this issue to inject arbitrary commands to backend FTP servers.
(CVE-2023-36049)

actions attacker blazor bypass cve features forms inject issue .net security security features server system trigger untrusted usn validation vulnerabilities

Information Security Engineers

@ D. E. Shaw Research | New York City

Security Engineer II - Vulnerability Analysis

@ Datadog | New York City, USA

Associate Lead Consultant - SIEM Solution Management Job

@ Yash Technologies | Hyderabad, TG, IN

Cyber Security Senior Manager/Associate Director

@ EY | Johannesburg, GT, ZA, 2146

Cloud Security Engineer

@ Hexagon US Federal | Chantilly, VA

Sr Analyst, Governance, Risk, and Compliance

@ Tucows | Canada