When chained together, researchers at Rapid7 said, an unauthenticated attacker could reach a web API endpoint to inject server-side template patterns and exploit the high-severity flaw.

How to implement basic password authentication for a minimal API in ASP.NET Core using a custom authentication handler that validates the user’s credentials against a database.