GHSA-3m2r-q8x3-xmf7 – microsoft.aspnetcore.server.kestrel.transport.libuv

Package

Manager: nuget
Name: microsoft.aspnetcore.server.kestrel.transport.libuv
Vulnerable Version: >=2.0.0 <2.0.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel.

Metadata

Created: 2018-10-16T19:59:48Z
Modified: 2021-12-03T14:27:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-3m2r-q8x3-xmf7/GHSA-3m2r-q8x3-xmf7.json
CWE IDs: []
Alternative ID: N/A
Finding: F067
Auto approve: 1