Fluid Attacks Database

Description

Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv Microsoft made an internal discovery of a security vulnerability in version 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
nuget	microsoft.aspnetcore.server.kestrel.core	>=2.0.0 <2.0.3	2.0.3
nuget	microsoft.aspnetcore.server.kestrel.transport.abstractions	>=2.0.0 <2.0.3	2.0.3
nuget	microsoft.aspnetcore.server.kestrel.transport.libuv	>=2.0.0 <2.0.3	2.0.3
nuget	microsoft.aspnetcore.all	>=2.0.0 <2.0.8	2.0.8

Aliases

1. GHSA-3m2r-q8x3-xmf72. GCVE-GHSA-3m2r-q8x3-xmf7

References

1. https://github.com/aspnet/Announcements/issues/300

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.