Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz

Denial of service in ASP.NET Core

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

Permalink: https://github.com/advisories/GHSA-6px8-22w5-w334
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-6px8-22w5-w334, CVE-2019-0564
References:

Repository: https://github.com/github/advisory-database
Blast Radius: 1.0

Affected Packages

nuget:Microsoft.AspNetCore.All

Dependent packages: 89
Dependent repositories: 0
Downloads: 34,284,502 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 2.0.0, 2.0.3, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.1.31, 2.1.34, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:Microsoft.AspNetCore.App

Dependent packages: 133
Dependent repositories: 0
Downloads: 36,520,659 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.1.31, 2.1.34, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:Microsoft.NETCore.App

Dependent packages: 717
Dependent repositories: 0
Downloads: 361,668,639 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.1.0, 1.1.1, 1.1.2, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 2.0.0, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.9, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:System.Net.WebSockets.WebSocketProtocol

Dependent packages: 9
Dependent repositories: 0
Downloads: 88,648,278 total
Affected Version Ranges: >= 4.5.0, < 4.5.3
Fixed in: 4.5.3
All affected versions: 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.5.3, 4.6.0, 4.7.0, 4.7.1, 5.0.0, 5.1.0

nuget:Microsoft.AspNetCore.Server.Kestrel.Core

Dependent packages: 81
Dependent repositories: 0
Downloads: 196,289,073 total
Affected Version Ranges: >= 2.1.0, < 2.1.7
Fixed in: 2.1.7
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.7, 2.1.25, 2.2.0

nuget:Microsoft.AspNetCore.WebSockets

Dependent packages: 89
Dependent repositories: 0
Downloads: 117,353,747 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.2.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.7, 2.2.1