GHSA-cgpw-2gph-2r9g

Source

https://github.com/advisories/GHSA-cgpw-2gph-2r9g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-cgpw-2gph-2r9g/GHSA-cgpw-2gph-2r9g.json

Published

2018-10-16T19:59:59Z

Modified

2023-04-11T01:47:20.386797Z

Details

Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

References

Affected packages

NuGet / Microsoft.AspNetCore.Server.Kestrel.Core

Package

Name: Microsoft.AspNetCore.Server.Kestrel.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.4

Affected versions

2.*

2.0.0

2.0.1

2.0.2

2.0.3

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.0.0

Fixed

2.0.9

Affected versions

2.*

2.0.0

2.0.3

2.0.5

2.0.6

2.0.7

2.0.8

NuGet / Microsoft.AspNetCore.App

Package

Name: Microsoft.AspNetCore.App

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.2

Affected versions

2.*

2.1.0

2.1.1

NuGet / Microsoft.AspNetCore.Server.Kestrel.Core

Package

Name: Microsoft.AspNetCore.Server.Kestrel.Core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.2

Affected versions

2.*

2.1.0

2.1.1

NuGet / Microsoft.AspNetCore.All

Package

Name: Microsoft.AspNetCore.All

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.1.0

Fixed

2.1.2

Affected versions

2.*

2.1.0

2.1.1