High severityNVD Advisory· Published May 21, 2020· Updated Aug 4, 2024
CVE-2020-1161
CVE-2020-1161
Description
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
Microsoft.AspNetCore.App.Runtime.linux-armNuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.linux-arm64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.linux-musl-x64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.linux-x64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.osx-x64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.win-armNuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.win-x64NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Microsoft.AspNetCore.App.Runtime.win-x86NuGet | >= 3.1.0, < 3.1.4 | 3.1.4 |
Affected products
15- osv-coords10 versionspkg:bitnami/aspnet-corepkg:nuget/microsoft.aspnetcore.app.runtime.linux-armpkg:nuget/microsoft.aspnetcore.app.runtime.linux-arm64pkg:nuget/microsoft.aspnetcore.app.runtime.linux-musl-arm64pkg:nuget/microsoft.aspnetcore.app.runtime.linux-musl-x64pkg:nuget/microsoft.aspnetcore.app.runtime.linux-x64pkg:nuget/microsoft.aspnetcore.app.runtime.osx-x64pkg:nuget/microsoft.aspnetcore.app.runtime.win-armpkg:nuget/microsoft.aspnetcore.app.runtime.win-x64pkg:nuget/microsoft.aspnetcore.app.runtime.win-x86
>= 3.1.0, < 3.1.1+ 9 more
- (no CPE)range: >= 3.1.0, < 3.1.1
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- (no CPE)range: >= 3.1.0, < 3.1.4
- Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)v5Range: unspecified
- Microsoft/Microsoft Visual Studio 2019v5Range: 16.0
- Microsoft/Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)v5Range: unspecified
- Microsoft/Microsoft Visual Studio 2019 version 16.5v5Range: unspecified
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-3cf7-7wq6-8842ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-1161ghsaADVISORY
- github.com/aspnet/Announcements/issues/416ghsaWEB
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1161ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.