An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect. An attacker who successfully exploited this vulnerability could use the information to further compromise the web application. The security update addresses the vulnerability by correcting how .NET Core handles redirects.