HIGH 7.5

GHSA-f9jc-rrm2-pmfg

Denial of service in ASP.NET Core

Details

.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".

Are you affected?

Enter the version of the package you're using.

Affected packages

NuGet / Microsoft.AspNetCore.Server.WebListener

Introduced in: 1.0.0 Fixed in: 1.0.6

Fix dotnet add package Microsoft.AspNetCore.Server.WebListener --version 1.0.6

NuGet / Microsoft.AspNetCore.Server.WebListener

Introduced in: 1.1.0 Fixed in: 1.1.4

Fix dotnet add package Microsoft.AspNetCore.Server.WebListener --version 1.1.4

NuGet / Microsoft.Net.Http.Server

Introduced in: 1.0.0 Fixed in: 1.0.6

Fix dotnet add package Microsoft.Net.Http.Server --version 1.0.6

NuGet / Microsoft.Net.Http.Server

Introduced in: 1.1.0 Fixed in: 1.1.4

Fix dotnet add package Microsoft.Net.Http.Server --version 1.1.4

NuGet / Microsoft.AspNetCore.Server.HttpSys

Introduced in: 2.0.0 Fixed in: 2.0.2

Fix dotnet add package Microsoft.AspNetCore.Server.HttpSys --version 2.0.2

Details

Are you affected?

Affected packages

References