GHSA-j378-6mmw-hqfr

Suggest an improvement
Source
https://github.com/advisories/GHSA-j378-6mmw-hqfr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-j378-6mmw-hqfr/GHSA-j378-6mmw-hqfr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j378-6mmw-hqfr
Aliases
Published
2018-10-16T19:56:38Z
Modified
2023-11-08T04:00:28.099184Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests
Details

A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

References

Affected packages

NuGet / Microsoft.AspNetCore.All

Package

Name
Microsoft.AspNetCore.All
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.All

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.4

Affected versions

2.*

2.1.0
2.1.1
2.1.2
2.1.3

Database specific

{
    "last_known_affected_version_range": "<= 2.1.3"
}

NuGet / Microsoft.AspNetCore.App

Package

Name
Microsoft.AspNetCore.App
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.AspNetCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.4

Affected versions

2.*

2.1.0
2.1.1
2.1.2
2.1.3

Database specific

{
    "last_known_affected_version_range": "<= 2.1.3"
}

NuGet / System.IO.Pipelines

Package

Name
System.IO.Pipelines
View open source insights on deps.dev
Purl
pkg:nuget/System.IO.Pipelines

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.5.0
Fixed
4.5.1

Affected versions

4.*

4.5.0