VDB
KO
HIGH 7.5

GHSA-6px8-22w5-w334

Denial of service in ASP.NET Core

Details

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

Are you affected?

Enter the version of the package you're using.

Affected packages

NuGet / Microsoft.AspNetCore.WebSockets
Introduced in: 2.2.0 Fixed in: 2.2.1
Fix dotnet add package Microsoft.AspNetCore.WebSockets --version 2.2.1
NuGet / Microsoft.AspNetCore.WebSockets
Introduced in: 2.1.0 Fixed in: 2.1.7
Fix dotnet add package Microsoft.AspNetCore.WebSockets --version 2.1.7
NuGet / Microsoft.AspNetCore.Server.Kestrel.Core
Introduced in: 2.1.0 Fixed in: 2.1.7
Fix dotnet add package Microsoft.AspNetCore.Server.Kestrel.Core --version 2.1.7
NuGet / System.Net.WebSockets.WebSocketProtocol
Introduced in: 4.5.0 Fixed in: 4.5.3
Fix dotnet add package System.Net.WebSockets.WebSocketProtocol --version 4.5.3
NuGet / Microsoft.NETCore.App
Introduced in: 2.2.0 Fixed in: 2.2.1
Fix dotnet add package Microsoft.NETCore.App --version 2.2.1
NuGet / Microsoft.NETCore.App
Introduced in: 2.1.0 Fixed in: 2.1.7
Fix dotnet add package Microsoft.NETCore.App --version 2.1.7
NuGet / Microsoft.AspNetCore.App
Introduced in: 2.2.0 Fixed in: 2.2.1
Fix dotnet add package Microsoft.AspNetCore.App --version 2.2.1
NuGet / Microsoft.AspNetCore.App
Introduced in: 2.1.0 Fixed in: 2.1.7
Fix dotnet add package Microsoft.AspNetCore.App --version 2.1.7
NuGet / Microsoft.AspNetCore.All
Introduced in: 2.2.0 Fixed in: 2.2.1
Fix dotnet add package Microsoft.AspNetCore.All --version 2.2.1
NuGet / Microsoft.AspNetCore.All
Introduced in: 2.1.0 Fixed in: 2.1.7
Fix dotnet add package Microsoft.AspNetCore.All --version 2.1.7

References