A set of .NET API's that are included in the default .NET Core application model.
caa7b7e2bad98e56a687fb5cbaf60825500800f7
When using NuGet 3.x this package requires at least version 3.4.
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
CVE-2020-1108 - High Severity Vulnerability
A set of .NET API's that are included in the default .NET Core application model. caa7b7e2bad98e56a687fb5cbaf60825500800f7 When using NuGet 3.x this package requires at least version 3.4.
Library home page: https://api.nuget.org/packages/microsoft.netcore.app.2.1.0.nupkg
Path to dependency file: /core/whats-new/whats-new-in-21/cs/whats-new.csproj
Path to vulnerable library: /nuget/packages/microsoft.netcore.app/2.1.0/microsoft.netcore.app.2.1.0.nupkg
Dependency Hierarchy: - :x: **microsoft.netcore.app.2.1.0.nupkg** (Vulnerable Library)
Found in HEAD commit: 0d7f1931b9759c22f0469b959114a5d94f8f92e4
Found in base branch: main
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.
Publish Date: 2020-05-21
URL: CVE-2020-1108
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3w5p-jhp5-c29q
Release Date: 2020-05-21
Fix Resolution: Microsoft.NETCore.App - 2.1.18, Microsoft.NETCore.App.Runtime - 3.1.4
Step up your Open Source Security Game with Mend here