Vulnerability DatabaseCVE-2021-24112

CVE-2021-24112:
vulnerability analysis and mitigation

Overview

.NET Core Remote Code Execution Vulnerability (CVE-2021-24112) was identified and disclosed on January 13, 2021. This vulnerability affects Microsoft's .NET Core framework (CVE Mitre).

Technical details

The vulnerability has been assigned a CVSS score of 8.0, indicating a high severity level. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no authentication (Au:N), and potentially impacting confidentiality, integrity, and availability partially (C:P/I:P/A:P) (Rapid7).

Impact

This vulnerability could potentially allow remote code execution on affected systems running .NET Core applications (NVD).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

9.8

Score

Published February 25, 2021

Severity CRITICAL

CNA Score 8.1

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 78

Exploitation Probability (EPSS) 1.1

Affected packages and libraries

cpe:2.3:a:microsoft:.net_core
mono

Sources

GitHub Advisory Database
- NuGet Severity CRITICALHas FixAdded at: Oct 25, 2022
Homebrew
- Homebrew Severity CRITICALHas FixAdded at: Feb 12, 2024
Nix
- Nix Severity CRITICALHas FixAdded at: Nov 01, 2023
Photon Security Advisory
- Photon 4.0 Severity CRITICALHas FixAdded at: Jun 15, 2025
- Photon 5.0 Severity CRITICALHas FixAdded at: Jan 27, 2026
NVD
- Linux Severity CRITICALHas FixAdded at: Nov 14, 2022
- Windows Severity CRITICALHas FixAdded at: Nov 14, 2022