HIGH 7.5

GHSA-j378-6mmw-hqfr

Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests

Details

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

Are you affected?

Enter the version of the package you're using.

Affected packages

NuGet / Microsoft.AspNetCore.All

Introduced in: 2.1.0 Fixed in: 2.1.4

Fix dotnet add package Microsoft.AspNetCore.All --version 2.1.4

NuGet / Microsoft.AspNetCore.App

Introduced in: 2.1.0 Fixed in: 2.1.4

Fix dotnet add package Microsoft.AspNetCore.App --version 2.1.4

NuGet / System.IO.Pipelines

Introduced in: 4.5.0 Fixed in: 4.5.1

Fix dotnet add package System.IO.Pipelines --version 4.5.1

References

https://nvd.nist.gov/vuln/detail/CVE-2018-8409 [ADVISORY]
https://github.com/advisories/GHSA-j378-6mmw-hqfr [ADVISORY]
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8409 [WEB]
http://www.securityfocus.com/bid/105223 [WEB]