HIGH 7.5
GHSA-mv2r-q4g5-j8q5
Denial of service in ASP.NET Core
Details
A denial of service vulnerability exists when OData Library improperly handles web requests, aka "OData Denial of Service Vulnerability." This affects Microsoft.Data.OData.
Are you affected?
Enter the version of the package you're using.
Affected packages
NuGet / Microsoft.Data.OData
Introduced in:
0 Fixed in: 5.8.4 Fix
dotnet add package Microsoft.Data.OData --version 5.8.4 NuGet / Microsoft.AspNetCore.DataProtection.AzureStorage
Introduced in:
2.1.0 Fixed in: 2.1.13 Fix
dotnet add package Microsoft.AspNetCore.DataProtection.AzureStorage --version 2.1.13 NuGet / Microsoft.AspNetCore.DataProtection.AzureStorage
Introduced in:
2.2.0 Fixed in: 2.2.7 Fix
dotnet add package Microsoft.AspNetCore.DataProtection.AzureStorage --version 2.2.7 NuGet / Microsoft.AspNetCore.All
Introduced in:
2.1.0 Fixed in: 2.1.13 Fix
dotnet add package Microsoft.AspNetCore.All --version 2.1.13 NuGet / Microsoft.AspNetCore.All
Introduced in:
2.2.0 Fixed in: 2.2.7 Fix
dotnet add package Microsoft.AspNetCore.All --version 2.2.7 References
- https://nvd.nist.gov/vuln/detail/CVE-2018-8269 [ADVISORY]
- https://github.com/aspnet/Announcements/issues/385 [WEB]
- https://github.com/github/advisory-database/issues/302 [WEB]
- https://github.com/advisories/GHSA-mv2r-q4g5-j8q5 [ADVISORY]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8269 [WEB]
- https://www.exploit-db.com/exploits/46101 [WEB]