*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
ASP.NET Core basic middleware for supporting HTTP method overrides. Includes:
* X-Forwarded-* headers to forward headers from a proxy.
* HTTP method override header.
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
WS-2018-0608
### Vulnerable Libraries - microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg, microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg, microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.transport.abstractions/2.0.1/microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.transport.libuv/2.0.1/microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
WS-2018-0607
### Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2021-1723
### Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2018-0808
### Vulnerable Library - microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg
ASP.NET Core components for working with the IIS AspNetCoreModule.
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.iisintegration/2.0.1/microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg
ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2017-11770
### Vulnerable Library - microsoft.aspnetcore.2.0.1.nupkg
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Microsoft.AspNetCore
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /packages/microsoft.aspnetcore/2.0.1/microsoft.aspnetcore.2.0.1.nupkg
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Vulnerabilities
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2018-0787
### Vulnerable Libraries - microsoft.aspnetcore.httpoverrides.2.0.1.nupkg, microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg### microsoft.aspnetcore.httpoverrides.2.0.1.nupkg
ASP.NET Core basic middleware for supporting HTTP method overrides. Includes: * X-Forwarded-* headers to forward headers from a proxy. * HTTP method override header.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.httpoverrides.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.httpoverrides/2.0.1/microsoft.aspnetcore.httpoverrides.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg - :x: **microsoft.aspnetcore.httpoverrides.2.0.1.nupkg** (Vulnerable Library) ### microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability DetailsASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability".
Publish Date: 2018-03-14
URL: CVE-2018-0787
### CVSS 3 Score Details (8.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2018-03-14
Fix Resolution: Microsoft.AspNetCore.HttpOverrides - 2.0.2, Microsoft.AspNetCore.Server.Kestrel.Core - 2.0.2
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
WS-2018-0608
### Vulnerable Libraries - microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg, microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg, microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg### microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg
Transport abstractions for the ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.transport.abstractions/2.0.1/microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.transport.abstractions.2.0.1.nupkg** (Vulnerable Library) ### microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Core components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg** (Vulnerable Library) ### microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg
Libuv transport for the ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.transport.libuv/2.0.1/microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.transport.libuv.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability DetailsA vulnerability was discovered in versions 2.x of ASP.NET Core where a specially crafted request can cause excess resource consumption in Kestrel.
Publish Date: 2018-05-08
URL: WS-2018-0608
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2018-05-08
Fix Resolution: Microsoft.AspNetCore.Server.Kestrel.Core - 2.0.3,2.1.0;Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions - 2.0.3,2.1.0;Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv - 2.0.3,2.1.0;Microsoft.AspNetCore.All - 2.0.8,2.1.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
WS-2018-0607
### Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkgCore components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability DetailsDenial of service vulnerability in ASP.NET Core when a malformed request is terminated.
Publish Date: 2018-07-10
URL: WS-2018-0607
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Release Date: 2018-07-10
Fix Resolution: Microsoft.AspNetCore.Server.Kestrel.Core - 2.1.2
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2021-1723
### Vulnerable Library - microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkgCore components of ASP.NET Core Kestrel cross-platform web server.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.kestrel.core/2.0.1/microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - microsoft.aspnetcore.server.kestrel.2.0.1.nupkg - :x: **microsoft.aspnetcore.server.kestrel.core.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability DetailsASP.NET Core and Visual Studio Denial of Service Vulnerability
Publish Date: 2021-01-12
URL: CVE-2021-1723
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-1723
Release Date: 2021-01-12
Fix Resolution: Microsoft.AspNetCore.App.Runtime.win-arm64 - 5.0.2;LiveReloadServer - 1.1.0;Plugga.Core - 1.0.2;Maple.Branch.Module - 1.0.4;Microsoft.AspNetCore.Components.WebAssembly.Server - 5.0.1,5.0.0-rc.1.20451.17;AspNetCoreRuntime.5.0.x64 - 5.0.2;AspNetCoreRuntime.5.0.x86 - 5.0.2;Microsoft.AspNetCore.App.Runtime.osx-x64 - 5.0.2,3.1.10;GrazeDocs - 2.0.1;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 5.0.2;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 5.0.2,3.1.10;YHWins.Template - 1.1.0;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Ref - 3.1.10,6.0.0-rc.1.21452.15;Microsoft.AspNetCore.Blazor.DevServer - 3.2.0-preview1.20073.1,3.1.0-preview4.19579.2;Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.10,5.0.2;stankins.console - 2020.12.20-beta298;Toolbelt.Blazor.DevServer.WithCssLiveReloader - 5.0.1,5.0.0-rc.1.20451.17;DragonFire.Server - 0.0.1-alpha.0;PoExtractor.OrchardCore - 0.5.0-rc2-16220;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.10,5.0.2;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.10,5.0.2;HuLu.Template.Api - 1.0.2;AspNetCoreRuntime.3.1.x64 - 3.1.10;AspNetCoreRuntime.3.1.x86 - 3.1.10;Microsoft.AspNetCore.Components.WebAssembly.DevServer - 5.0.0-rc.1.20451.17,5.0.1;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.10;lingman-webapi - 0.0.18
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2018-0808
### Vulnerable Library - microsoft.aspnetcore.server.iisintegration.2.0.1.nupkgASP.NET Core components for working with the IIS AspNetCoreModule.
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.aspnetcore.server.iisintegration/2.0.1/microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg
Dependency Hierarchy: - microsoft.aspnetcore.2.0.1.nupkg (Root Library) - :x: **microsoft.aspnetcore.server.iisintegration.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability DetailsASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.
Publish Date: 2018-03-14
URL: CVE-2018-0808
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808
Release Date: 2018-03-14
Fix Resolution: Microsoft.AspNetCore.Server.IISIntegration - 2.1.0, Microsoft.AspNetCore.Hosting - 2.1.0
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
CVE-2017-11770
### Vulnerable Library - microsoft.aspnetcore.2.0.1.nupkgMicrosoft.AspNetCore
Library home page: https://api.nuget.org/packages/microsoft.aspnetcore.2.0.1.nupkg
Path to dependency file: /dvcsharp-core-api.csproj
Path to vulnerable library: /packages/microsoft.aspnetcore/2.0.1/microsoft.aspnetcore.2.0.1.nupkg
Dependency Hierarchy: - :x: **microsoft.aspnetcore.2.0.1.nupkg** (Vulnerable Library)
Found in HEAD commit: d840abcb78fb6410e91d4b5d6b00866211891799
Found in base branch: master
### Vulnerability Details.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
Publish Date: 2017-11-15
URL: CVE-2017-11770
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11770
Release Date: 2017-11-15
Fix Resolution: 1.0.8;1.1.5;2.0.3
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)