Affecting microsoft.aspnetcore.all package, versions [2.1.0, 2.1.12) || [2.2.0, 2.2.6)
microsoft.aspnetcore.all is a provides a default set of APIs for building an ASP.NET Core application, and also includes API for third-party integrations with ASP.NET Core.
Affected versions of this package are vulnerable to Open Redirect. A spoofing vulnerability exists that could lead to an redirection. An attacker who successfully exploits this vulnerability could redirect a targeted user to a malicious website.
microsoft.aspnetcore.all to version 2.1.12, 2.2.6 or higher.