CVE-2020-1597

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-1597
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1597.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1597
Aliases
Downstream
Published
2020-08-17T19:15:21.927Z
Modified
2026-04-10T04:23:34.765150Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

References

Affected packages

Git / github.com/dotnet/aspnetcore

Affected ranges

Type
GIT
Repo
https://github.com/dotnet/aspnetcore
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
00e08d8c11f4e9649492342c9c613a758efd2e4d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
03019875e4eab279a99ba3ba5ee75fb0e4935ce6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.1"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-rc2
1.0.0-rc2-final
1.0.1
1.0.3
1.0.4
1.0.5
1.0.7
1.1.0
1.1.0-preview1
1.1.1
1.1.2
1.1.3
1.1.5
2.*
2.0.0
2.0.0-preview1
2.0.0-preview2
2.1.0
2.1.0-preview1
2.1.0-preview2
2.1.1
2.1.3
2.1.5
2.1.6
release/2.*
release/2.1
release/3.*
release/3.1
v1.*
v1.0.0-alpha2
v1.0.0-alpha3
v1.0.0-beta4
v1.0.0-beta5
v1.0.0-beta6
v1.0.0-beta7
v1.0.0-beta8
v1.0.0-rc1-final
v1.0.0-rc1-update1
v2.*
v2.1.10
v2.1.11
v2.1.12
v2.1.13
v2.1.14
v2.1.16
v2.1.17
v2.1.18
v2.1.19
v2.1.20
v2.1.22
v2.1.23
v2.1.24
v2.1.33
v2.1.7
v2.1.8
v2.1.9
v3.*
v3.0.0-preview-18579-0056
v3.0.0-preview-19075-0444
v3.1.0
v3.1.0-preview3.19555.2
v3.1.10
v3.1.2
v3.1.3
v3.1.8
v3.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1597.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "15.0"
            },
            {
                "last_affected": "15.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "last_affected": "16.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.5"
            },
            {
                "last_affected": "16.6"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]