GHSA-jrjw-qgr2-wfcg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jrjw-qgr2-wfcg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/06/GHSA-jrjw-qgr2-wfcg/GHSA-jrjw-qgr2-wfcg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jrjw-qgr2-wfcg
- Aliases
- Published
- 2023-06-23T21:37:26Z
- Modified
- 2024-06-03T18:49:04.003006Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- YARP Denial of Service Vulnerability
- Details
-
Impact
A denial of service vulnerability exists in YARP.
Patches
If you're using YARP 1.x, you should update to NuGet package version 1.1.2. If you're using YARP 2.0.0, you should update to NuGet package version 2.0.1.
You can do so by updating the
PackageReferencein your.csprojfile<ItemGroup> - <PackageReference Include="Yarp.ReverseProxy" Version="2.0.0" /> - <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.0" /> + <PackageReference Include="Yarp.ReverseProxy" Version="2.0.1" /> + <PackageReference Include="Yarp.Telemetry.Consumption" Version="2.0.1" /> </ItemGroup>or by selecting
2.0.1in the NuGet UI inside Visual Studio (Manage NuGet Packages/Updates)References
- Database specific
{ "nvd_published_at": "2023-06-23T02:15:09Z", "github_reviewed_at": "2023-06-23T21:37:26Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true }- References
-
- https://github.com/microsoft/reverse-proxy/security/advisories/GHSA-jrjw-qgr2-wfcg
- https://nvd.nist.gov/vuln/detail/CVE-2023-33141
- https://github.com/microsoft/reverse-proxy
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141
- https://www.nuget.org/packages/Yarp.ReverseProxy/1.1.2
- https://www.nuget.org/packages/Yarp.ReverseProxy/2.0.1
Affected packages
NuGet / Yarp.ReverseProxy
Package
- Name
- Yarp.ReverseProxy
- View open source insights on deps.dev
- Purl
- pkg:nuget/Yarp.ReverseProxy
NuGet / Yarp.ReverseProxy
Package
- Name
- Yarp.ReverseProxy
- View open source insights on deps.dev
- Purl
- pkg:nuget/Yarp.ReverseProxy