Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz

Denial of service in ASP.NET Core

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

Permalink: https://github.com/advisories/GHSA-6px8-22w5-w334
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-6px8-22w5-w334, CVE-2019-0564
References:

Repository: https://github.com/github/advisory-database
Blast Radius: 1.0

Affected Packages

nuget:Microsoft.AspNetCore.All

Dependent packages: 0
Dependent repositories: 0
Downloads: 33,333,176 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 2.0.0, 2.0.3, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.1.31, 2.1.34, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:Microsoft.AspNetCore.App

Dependent packages: 0
Dependent repositories: 0
Downloads: 34,579,128 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.1.31, 2.1.34, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:Microsoft.NETCore.App

Dependent packages: 0
Dependent repositories: 0
Downloads: 322,243,106 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.1.0, 1.1.1, 1.1.2, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13, 2.0.0, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.9, 2.1.7, 2.1.8, 2.1.9, 2.1.10, 2.1.11, 2.1.12, 2.1.13, 2.1.14, 2.1.15, 2.1.16, 2.1.17, 2.1.18, 2.1.19, 2.1.20, 2.1.21, 2.1.22, 2.1.23, 2.1.24, 2.1.25, 2.1.26, 2.1.27, 2.1.28, 2.1.29, 2.1.30, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8

nuget:System.Net.WebSockets.WebSocketProtocol

Dependent packages: 0
Dependent repositories: 0
Downloads: 76,008,048 total
Affected Version Ranges: >= 4.5.0, < 4.5.3
Fixed in: 4.5.3
All affected versions: 4.5.0, 4.5.1, 4.5.2
All unaffected versions: 4.5.3, 4.6.0, 4.7.0, 4.7.1, 5.0.0

nuget:Microsoft.AspNetCore.Server.Kestrel.Core

Dependent packages: 0
Dependent repositories: 0
Downloads: 177,643,519 total
Affected Version Ranges: >= 2.1.0, < 2.1.7
Fixed in: 2.1.7
All affected versions: 2.1.0, 2.1.1, 2.1.2, 2.1.3
All unaffected versions: 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.7, 2.1.25, 2.2.0

nuget:Microsoft.AspNetCore.WebSockets

Dependent packages: 0
Dependent repositories: 0
Downloads: 103,478,768 total
Affected Version Ranges: >= 2.1.0, < 2.1.7, = 2.2.0
Fixed in: 2.1.7, 2.2.1
All affected versions: 2.1.0, 2.1.1, 2.2.0
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.1.7, 2.2.1