GHSA-6px8-22w5-w334

Source

https://github.com/advisories/GHSA-6px8-22w5-w334

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6px8-22w5-w334/GHSA-6px8-22w5-w334.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6px8-22w5-w334

Aliases

CVE-2019-0564

Published

2022-05-14T01:41:32Z

Modified

2024-12-05T06:06:39.625751Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of service in ASP.NET Core

Details

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548.

Database specific

{
    "nvd_published_at": "2019-01-08T21:29:00Z",
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:32:43Z"
}

References

Affected packages

NuGet / Microsoft.AspNetCore.WebSockets

Package

Name: Microsoft.AspNetCore.WebSockets; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.WebSockets

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.1

Affected versions

2.*

2.2.0

NuGet / Microsoft.AspNetCore.WebSockets

Package

Name: Microsoft.AspNetCore.WebSockets; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.WebSockets

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

2.*

2.1.0

2.1.1

NuGet / Microsoft.AspNetCore.Server.Kestrel.Core

Package

Name: Microsoft.AspNetCore.Server.Kestrel.Core; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.Server.Kestrel.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

NuGet / System.Net.WebSockets.WebSocketProtocol

Package

Name: System.Net.WebSockets.WebSocketProtocol; View open source insights on deps.dev
Purl: pkg:nuget/System.Net.WebSockets.WebSocketProtocol

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.3

Affected versions

4.*

4.5.0

4.5.1

4.5.2

NuGet / Microsoft.NETCore.App

Package

Name: Microsoft.NETCore.App; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.1

Affected versions

2.*

2.2.0

NuGet / Microsoft.NETCore.App

Package

Name: Microsoft.NETCore.App; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.NETCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

NuGet / Microsoft.AspNetCore.App

Package

Name: Microsoft.AspNetCore.App; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.1

Affected versions

2.*

2.2.0

NuGet / Microsoft.AspNetCore.App

Package

Name: Microsoft.AspNetCore.App; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.2.0

Fixed

2.2.1

Affected versions

2.*

2.2.0

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.7

Affected versions

2.*

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6