Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core

GHSA-cgpw-2gph-2r9g

Published Oct 16, 2018 · Modified Dec 2, 2024

Description

Microsoft is aware of a denial of service vulnerability in ASP.NET Core when a malformed request is terminated. An attacker who successfully exploited this vulnerability could cause a denial of service attack.

The update addresses the vulnerability by correcting how ASP.NET Core handles such requests.

References

WEB https://github.com/aspnet/Announcements/issues/311
ADVISORY https://github.com/advisories/GHSA-cgpw-2gph-2r9g

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes